dumalogiya
/
openwrt
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
v19.07.3_mercusys_ac12_duma
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eedf17dc9e'
${ noResults }
openwrt/package/network/services/hostapd/files/hostapd.sh

360 lines
11 KiB
Bash
Raw Normal View History Unescape Escape

mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
hostapd_set_bss_options() {
local var="$1"
local vif="$2"
hostapd: introduce "wpa_pair_rekey" and "wpa_master_rekey" options, remove hardcoded wpa rekey intervals, remove hardcoded radius_acct_interim_interval as it might overrule the radius Acct-Interim-Interval attribute SVN-Revision: 28207
13 years ago
local enc wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wps_possible
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
hostapd: Add WPS unconfigured & WPS pin method support Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com> SVN-Revision: 38335
11 years ago
config_get enc "$vif" encryption "none"
hostapd: introduce "wpa_pair_rekey" and "wpa_master_rekey" options, remove hardcoded wpa rekey intervals, remove hardcoded radius_acct_interim_interval as it might overrule the radius Acct-Interim-Interval attribute SVN-Revision: 28207
13 years ago
config_get wep_rekey "$vif" wep_rekey # 300
config_get wpa_group_rekey "$vif" wpa_group_rekey # 300
config_get wpa_pair_rekey "$vif" wpa_pair_rekey # 300
config_get wpa_master_rekey "$vif" wpa_master_rekey # 640
hostapd: add ap isolate support for mac80211 SVN-Revision: 21179
14 years ago
config_get_bool ap_isolate "$vif" isolate 0
hostapd: enable disassoc on many consecutive excessive retries, improves AP mode reliability with many clients SVN-Revision: 33399
12 years ago
config_get_bool disassoc_low_ack "$vif" disassoc_low_ack 1
hostapd: add an option for configuring the maximum number of connected clients SVN-Revision: 33400
12 years ago
config_get max_num_sta "$vif" max_num_sta 0
hostapd: add a config option for the inactivity timeout SVN-Revision: 33412
12 years ago
config_get max_inactivity "$vif" max_inactivity 0
mac80211/hostapd: short_preamble is a per-vif option and should be enabled by default SVN-Revision: 35565
11 years ago
config_get_bool preamble "$vif" short_preamble 1
hostapd: add ap isolate support for mac80211 SVN-Revision: 21179
14 years ago
hostapd: enforce CCMP WPA cipher if hwmode is 11ng or 11na SVN-Revision: 22000
14 years ago
config_get device "$vif" device
config_get hwmode "$device" hwmode
hostapd: Create one control interface per virtual bssid Previously hostapd created one control interface /var/run/hostapd-phyX which only contained the first virtual bssid (for example wlan0). In order to access the other virtual bssids with hostapd_cli add all virtual bssids to /var/run/hostapd-phyX by specifying the ctrl_interface parameter per bssid. Previously the control interface looked like: /var/run/hostapd-phyX/wlan0 Now, the control interface looks like this: /var/run/hostapd-phyX/wlan0 /var/run/hostapd-phyX/wlan1 ... Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 24985
14 years ago
config_get phy "$device" phy
append "$var" "ctrl_interface=/var/run/hostapd-$phy" "$N"
hostapd: enforce CCMP WPA cipher if hwmode is 11ng or 11na SVN-Revision: 22000
14 years ago
hostapd: add ap isolate support for mac80211 SVN-Revision: 21179
14 years ago
if [ "$ap_isolate" -gt 0 ]; then
append "$var" "ap_isolate=$ap_isolate" "$N"
fi
hostapd: add an option for configuring the maximum number of connected clients SVN-Revision: 33400
12 years ago
if [ "$max_num_sta" -gt 0 ]; then
append "$var" "max_num_sta=$max_num_sta" "$N"
fi
hostapd: add a config option for the inactivity timeout SVN-Revision: 33412
12 years ago
if [ "$max_inactivity" -gt 0 ]; then
append "$var" "ap_max_inactivity=$max_inactivity" "$N"
fi
hostapd: enable disassoc on many consecutive excessive retries, improves AP mode reliability with many clients SVN-Revision: 33399
12 years ago
append "$var" "disassoc_low_ack=$disassoc_low_ack" "$N"
mac80211/hostapd: short_preamble is a per-vif option and should be enabled by default SVN-Revision: 35565
11 years ago
if [ "$preamble" -gt 0 ]; then
append "$var" "preamble=$preamble" "$N"
fi
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
# Examples:
# psk-mixed/tkip => WPA1+2 PSK, TKIP
# wpa-psk2/tkip+aes => WPA2 PSK, CCMP+TKIP
# wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP
# ...
# TODO: move this parsing function somewhere generic, so that
# later it can be reused by drivers that don't use hostapd
hostapd.sh: Fix typo. The PSK is expected in the "psk" variable, but we put it into the "key" variable. SVN-Revision: 10478
16 years ago
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
# crypto defaults: WPA2 vs WPA1
case "$enc" in
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
wpa2*|*psk2*)
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
wpa=2
crypto="CCMP"
;;
*mixed*)
wpa=3
crypto="CCMP TKIP"
;;
hostapd: add 11n mode and ht_capab option for hostapd SVN-Revision: 14713
15 years ago
*)
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
wpa=1
crypto="TKIP"
;;
esac
# explicit override for crypto setting
case "$enc" in
hostapd: allow *ccmp+tkip and *aes+tkip as well for cipher override SVN-Revision: 21998
14 years ago
*tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) crypto="CCMP TKIP";;
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
*aes|*ccmp) crypto="CCMP";;
*tkip) crypto="TKIP";;
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
esac
hostapd.sh: Fix typo. The PSK is expected in the "psk" variable, but we put it into the "key" variable. SVN-Revision: 10478
16 years ago
hostapd: enforce CCMP WPA cipher if hwmode is 11ng or 11na SVN-Revision: 22000
14 years ago
# enforce CCMP for 11ng and 11na
hostapd: allow mixed TKIP/CCMP for 11n SVN-Revision: 25543
13 years ago
case "$hwmode:$crypto" in
*ng:TKIP|*na:TKIP) crypto="CCMP TKIP";;
hostapd: enforce CCMP WPA cipher if hwmode is 11ng or 11na SVN-Revision: 22000
14 years ago
esac
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
# use crypto/auth settings for building the hostapd config
case "$enc" in
hostapd: Add WPS unconfigured & WPS pin method support Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com> SVN-Revision: 38335
11 years ago
none)
wps_possible=1
wpa=0
crypto=
# Here we make the assumption that if we're in open mode
# with WPS enabled, we got to be in unconfigured state.
wps_not_configured=1
;;
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
*psk*)
change psk back to key SVN-Revision: 10488
16 years ago
config_get psk "$vif" key
A WPA(2) pre-shared key can either be specified as a 8 to 63 character passphrase which is hashed to a 256 bit key together with the SSID, or a 64 character hex key. Currently, the latter option is supported by the broadcom wifi type, but no by hostapd. The attached patch allows using a 64 character hex key. (#3935) Signed-off-by: thomas@archlinux.org SVN-Revision: 12394
16 years ago
if [ ${#psk} -eq 64 ]; then
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
append "$var" "wpa_psk=$psk" "$N"
A WPA(2) pre-shared key can either be specified as a 8 to 63 character passphrase which is hashed to a 256 bit key together with the SSID, or a 64 character hex key. Currently, the latter option is supported by the broadcom wifi type, but no by hostapd. The attached patch allows using a 64 character hex key. (#3935) Signed-off-by: thomas@archlinux.org SVN-Revision: 12394
16 years ago
else
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
append "$var" "wpa_passphrase=$psk" "$N"
A WPA(2) pre-shared key can either be specified as a 8 to 63 character passphrase which is hashed to a 256 bit key together with the SSID, or a 64 character hex key. Currently, the latter option is supported by the broadcom wifi type, but no by hostapd. The attached patch allows using a 64 character hex key. (#3935) Signed-off-by: thomas@archlinux.org SVN-Revision: 12394
16 years ago
fi
hostapd: add preliminary wps script support (push-button only, does not handle multi-bss yet) SVN-Revision: 22100
14 years ago
wps_possible=1
hostapd: introduce "wpa_pair_rekey" and "wpa_master_rekey" options, remove hardcoded wpa rekey intervals, remove hardcoded radius_acct_interim_interval as it might overrule the radius Acct-Interim-Interval attribute SVN-Revision: 28207
13 years ago
[ -n "$wpa_group_rekey" ] && append "$var" "wpa_group_rekey=$wpa_group_rekey" "$N"
[ -n "$wpa_pair_rekey" ] && append "$var" "wpa_ptk_rekey=$wpa_pair_rekey" "$N"
[ -n "$wpa_master_rekey" ] && append "$var" "wpa_gmk_rekey=$wpa_master_rekey" "$N"
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
;;
hostapd: recognize 8021x as an authentication mode Currently, in order to configure the authentication daemon in 8021x mode, we need to set wireless.@wifi-iface[0].encryption="wpa" Though it works it confuses folks as 8021x is using WEP encryption and not WPA. Therefore the terminology itself is confusing. This change adds 8021x as a recognized string for 8021x authentication. Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com> SVN-Revision: 38339
11 years ago
*wpa*|*8021x*)
add additions from (#5149) SVN-Revision: 16841
15 years ago
# required fields? formats?
# hostapd is particular, maybe a default configuration for failures
hostapd: add accounting configuration to hostapd uci script Hello This patch add accounting configuration in hostapd.sh It also change "server, port, key" to "auth_server, auth_port, auth_secret" but keep backward compatibility Please patch backfire & trunk Thanks in advance. Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr> SVN-Revision: 26482
13 years ago
config_get auth_server "$vif" auth_server
[ -z "$auth_server" ] && config_get auth_server "$vif" server
append "$var" "auth_server_addr=$auth_server" "$N"
config_get auth_port "$vif" auth_port
[ -z "$auth_port" ] && config_get auth_port "$vif" port
auth_port=${auth_port:-1812}
append "$var" "auth_server_port=$auth_port" "$N"
config_get auth_secret "$vif" auth_secret
[ -z "$auth_secret" ] && config_get auth_secret "$vif" key
append "$var" "auth_server_shared_secret=$auth_secret" "$N"
hostapd: fix hostapd RSN preauthentication PMKSA caching In 2009 OpenWrt's hostapd config added an "auth_cache" boolean to be used to address a reported issue #12129 [0] on a forum [1]. The reported issue on the ticket is different that the one described on the forum. The commit was r33359. This change broke proper RSN preauthentication [2] [3] [4] expectations on hostapd's configuration for WPA2 and this in turn disabled PMKSA caching and Opportunistic Key Caching. This change: * Leaves the "auth_cache" to be used only for WPA networks for those looking to use this as a workaround to a reported issue but annotates a warning over its usage. * Separate "auth_cache" from WPA2 RSN preauthentication, leaving WPA2 RSN preauthentication to enabled only with "rsn_preauth" with the expected and recommended settings. * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to be used when evaluating funcionality for WPA2 RSN preauthentication with the expected and recommended settings with the only difference so far with what should be enabled by default to disable Opportunistic Key Caching. Disabling the PMKSA cache should mean the STA could not roam off and back onto the AP that had PMKSA caching disabled and would require a full authentication cycle. This fixes this for WPA2 networks with RSN preauthentication enabled. This change should be applied to AA as well as trunk. TL DR; The issue described on the forum has to do with failure of a STA being able to try to authenticate again with the AP if it failed its first try. This may have been an issue with hostapd in 2009 but as per some tests I cannot reproduce this today on a WPA2 network. The issue described on the ticket alludes to a security issue with the design of using a Radius server to authenticate to an AP. The issue vaguely alludes to the circumstances of zapping a user, deleting their authentication credentials to log in to the network, and that if RSN preauthentication is enabled with PMKSA caching that the user that was zapped would still be able to authenticate. Lets treat these as separate issues. I cannot reproduce the first issue reported on the forums of not being able to authenticate anymore on a WPA2 network. The issue reported on the ticket modified WPA2 RSN preauthentication by adding two fields to the hostapd configuration if auth_cache was enabled: * disable_pmksa_caching=1 * okc=0 The first one disables PMKSA authentication cache. The second one disables Opportunistic Key Caching. The issue reported on the ticket was fixed by implementing a workaround in hostapd's configuration. Disabling PMKSA caching breaks proper use of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1 prevents hostapd from adding PMKSA entries into its cache when a successful 802.1x authentication occurs. In practice RSN preauthentication would trigger a STA to perform authentication with other APs on the same SSID, it would then have its own supplicant PMKSA cache held. If a STA roams between one AP to another no new authenitcation would need to be performed as the new AP would already have authenticated the STA. The purpose of the PMKSA cache on the AP side would be for the AP to use the same PMKID for a STA when the STA roams off onto another BSSID and later comes back to it. Disabling Opportunistic Key Caching could help the reported issue as well but its not the correct place to address this. Opportunistic Key Caching enables an AP with different interfaces to share the PMKSA cache. Its a technical enhancement and disabling it would be useful to let a testing suite properly test for RSN preauthentication given that otherwise Opportunistic Key Caching would enable an interface being tested to derive its own derive the PMKSA entry. In production though okc=1 should be enabled to help with RSN preauthentication. The real fix for this particular issue outside of the scope of hostapd's configuration and it should not be dealt with as a workaround to its configuration and breaking expected RSN preauthentication and technical optimizations. Revert this change and enable users to pick and choose to enable or disable disable_pmksa_caching and okc expecting them to instead have read clearly more what these do. As for the core issure ported, the correct place to fix this is to enable a sort of messaging between the RADIUS server and its peers so that if caching for authentication is enabled that cache can be cleared upon user credential updates. Updating a user password (not just zapping a user) is another possible issue that would need to be resolved here. Another part of the solution might be to reduce the cache timing to account for any systematic limitations (RADIUS server not able to ask peers to clear cache might be one). [0] https://dev.openwrt.org/changeset/33359 [1] https://forum.openwrt.org/viewtopic.php?id=19596 [2] http://wireless.kernel.org/en/users/Documentation/hostapd#IEEE_802.11i.2FRSN.2FWPA2_pre-authentication [3] http://wireless.kernel.org/en/users/Documentation/wpa_supplicant#RSN_preauthentication [4] http://wiki.openwrt.org/doc/recipes/rsn_preauthentication Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> SVN-Revision: 38336
11 years ago
# You don't really want to enable this unless you are doing
# some corner case testing or are using OpenWrt as a work around
# for some systematic issues.
hostapd: introduce new default-off option "auth_cache" which controls PMKSA and Opportunistic Key Caching (#12129) SVN-Revision: 33359
12 years ago
config_get_bool auth_cache "$vif" auth_cache 0
hostapd: fix hostapd RSN preauthentication PMKSA caching In 2009 OpenWrt's hostapd config added an "auth_cache" boolean to be used to address a reported issue #12129 [0] on a forum [1]. The reported issue on the ticket is different that the one described on the forum. The commit was r33359. This change broke proper RSN preauthentication [2] [3] [4] expectations on hostapd's configuration for WPA2 and this in turn disabled PMKSA caching and Opportunistic Key Caching. This change: * Leaves the "auth_cache" to be used only for WPA networks for those looking to use this as a workaround to a reported issue but annotates a warning over its usage. * Separate "auth_cache" from WPA2 RSN preauthentication, leaving WPA2 RSN preauthentication to enabled only with "rsn_preauth" with the expected and recommended settings. * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to be used when evaluating funcionality for WPA2 RSN preauthentication with the expected and recommended settings with the only difference so far with what should be enabled by default to disable Opportunistic Key Caching. Disabling the PMKSA cache should mean the STA could not roam off and back onto the AP that had PMKSA caching disabled and would require a full authentication cycle. This fixes this for WPA2 networks with RSN preauthentication enabled. This change should be applied to AA as well as trunk. TL DR; The issue described on the forum has to do with failure of a STA being able to try to authenticate again with the AP if it failed its first try. This may have been an issue with hostapd in 2009 but as per some tests I cannot reproduce this today on a WPA2 network. The issue described on the ticket alludes to a security issue with the design of using a Radius server to authenticate to an AP. The issue vaguely alludes to the circumstances of zapping a user, deleting their authentication credentials to log in to the network, and that if RSN preauthentication is enabled with PMKSA caching that the user that was zapped would still be able to authenticate. Lets treat these as separate issues. I cannot reproduce the first issue reported on the forums of not being able to authenticate anymore on a WPA2 network. The issue reported on the ticket modified WPA2 RSN preauthentication by adding two fields to the hostapd configuration if auth_cache was enabled: * disable_pmksa_caching=1 * okc=0 The first one disables PMKSA authentication cache. The second one disables Opportunistic Key Caching. The issue reported on the ticket was fixed by implementing a workaround in hostapd's configuration. Disabling PMKSA caching breaks proper use of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1 prevents hostapd from adding PMKSA entries into its cache when a successful 802.1x authentication occurs. In practice RSN preauthentication would trigger a STA to perform authentication with other APs on the same SSID, it would then have its own supplicant PMKSA cache held. If a STA roams between one AP to another no new authenitcation would need to be performed as the new AP would already have authenticated the STA. The purpose of the PMKSA cache on the AP side would be for the AP to use the same PMKID for a STA when the STA roams off onto another BSSID and later comes back to it. Disabling Opportunistic Key Caching could help the reported issue as well but its not the correct place to address this. Opportunistic Key Caching enables an AP with different interfaces to share the PMKSA cache. Its a technical enhancement and disabling it would be useful to let a testing suite properly test for RSN preauthentication given that otherwise Opportunistic Key Caching would enable an interface being tested to derive its own derive the PMKSA entry. In production though okc=1 should be enabled to help with RSN preauthentication. The real fix for this particular issue outside of the scope of hostapd's configuration and it should not be dealt with as a workaround to its configuration and breaking expected RSN preauthentication and technical optimizations. Revert this change and enable users to pick and choose to enable or disable disable_pmksa_caching and okc expecting them to instead have read clearly more what these do. As for the core issure ported, the correct place to fix this is to enable a sort of messaging between the RADIUS server and its peers so that if caching for authentication is enabled that cache can be cleared upon user credential updates. Updating a user password (not just zapping a user) is another possible issue that would need to be resolved here. Another part of the solution might be to reduce the cache timing to account for any systematic limitations (RADIUS server not able to ask peers to clear cache might be one). [0] https://dev.openwrt.org/changeset/33359 [1] https://forum.openwrt.org/viewtopic.php?id=19596 [2] http://wireless.kernel.org/en/users/Documentation/hostapd#IEEE_802.11i.2FRSN.2FWPA2_pre-authentication [3] http://wireless.kernel.org/en/users/Documentation/wpa_supplicant#RSN_preauthentication [4] http://wiki.openwrt.org/doc/recipes/rsn_preauthentication Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> SVN-Revision: 38336
11 years ago
config_get rsn_preauth "$vif" rsn_preauth
[ "$auth_cache" -gt 0 ] || [[ "$rsn_preauth" = 1 ]] || append "$var" "disable_pmksa_caching=1" "$N"
[ "$auth_cache" -gt 0 ] || [[ "$rsn_preauth" = 1 ]] || append "$var" "okc=0" "$N"
hostapd: add accounting configuration to hostapd uci script Hello This patch add accounting configuration in hostapd.sh It also change "server, port, key" to "auth_server, auth_port, auth_secret" but keep backward compatibility Please patch backfire & trunk Thanks in advance. Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr> SVN-Revision: 26482
13 years ago
config_get acct_server "$vif" acct_server
[ -n "$acct_server" ] && append "$var" "acct_server_addr=$acct_server" "$N"
config_get acct_port "$vif" acct_port
[ -n "$acct_port" ] && acct_port=${acct_port:-1813}
[ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N"
config_get acct_secret "$vif" acct_secret
[ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N"
hostapd: Add eap_reauth_period config option This adds the eap_reauth_period to be used for modifying the RADIUS server reauthentication authentication period, a parameter that gets passed directly to the hostapd configuration file. Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com> SVN-Revision: 38334
11 years ago
config_get eap_reauth_period "$vif" eap_reauth_period
[ -n "$eap_reauth_period" ] && append "$var" "eap_reauth_period=$eap_reauth_period" "$N"
hostapd: Settings for DAE/CoA server hostapd supports "Dynamic Authorization Extensions", making it possible to forcibly disconnect a user by sending it a RADIUS "Disconnect-Request" packet. I've added three new variables to enable setting of the "radius_das_client" and "radius_das_port" variables in the hostapd configuration, which enable these extensions. * dae_client - IP of the client that can send disconnect requests * dae_secret - shared secret for DAE packets These are combined into the "radius_das_client" option in hostapd.conf To enable the server, both dae_client and dae_secret must be set. * dae_port - optional, default value is 3799 as specified in RFC 5176 Signed-off-by: Martijn van de Streek <martijn@vandestreek.net> SVN-Revision: 37734
11 years ago
config_get dae_client "$vif" dae_client
config_get dae_secret "$vif" dae_secret
[ -n "$dae_client" -a -n "$dae_secret" ] && {
config_get dae_port "$vif" dae_port
append "$var" "radius_das_port=${dae_port:-3799}" "$N"
append "$var" "radius_das_client=$dae_client $dae_secret" "$N"
}
add wpa-eap uci configs Signed-off-by: David Bird <david@coova.com> SVN-Revision: 11355
16 years ago
config_get nasid "$vif" nasid
hostapd: Add optional support for hostapd own_ip_addr in wireless config `own_ip_addr` is used by hostapd as NAS-IP-Address. This is used to identify the AP that is requesting the authentication of the user and could be used to define which AP's can authenticate users. Some vendors implement only NAS-Identifier or NAS-IP-Address and not both. This patch adds ownip as an optional parameter in /etc/config/wireless. Signed-off-by: Thomas Wouters <thomaswouters@gmail.com> SVN-Revision: 40934
10 years ago
config_get ownip "$vif" ownip
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
append "$var" "nas_identifier=$nasid" "$N"
hostapd: Add optional support for hostapd own_ip_addr in wireless config `own_ip_addr` is used by hostapd as NAS-IP-Address. This is used to identify the AP that is requesting the authentication of the user and could be used to define which AP's can authenticate users. Some vendors implement only NAS-Identifier or NAS-IP-Address and not both. This patch adds ownip as an optional parameter in /etc/config/wireless. Signed-off-by: Thomas Wouters <thomaswouters@gmail.com> SVN-Revision: 40934
10 years ago
append "$var" "own_ip_addr=$ownip" "$N"
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
append "$var" "eapol_key_index_workaround=1" "$N"
append "$var" "ieee8021x=1" "$N"
append "$var" "wpa_key_mgmt=WPA-EAP" "$N"
hostapd: introduce "wpa_pair_rekey" and "wpa_master_rekey" options, remove hardcoded wpa rekey intervals, remove hardcoded radius_acct_interim_interval as it might overrule the radius Acct-Interim-Interval attribute SVN-Revision: 28207
13 years ago
[ -n "$wpa_group_rekey" ] && append "$var" "wpa_group_rekey=$wpa_group_rekey" "$N"
[ -n "$wpa_pair_rekey" ] && append "$var" "wpa_ptk_rekey=$wpa_pair_rekey" "$N"
[ -n "$wpa_master_rekey" ] && append "$var" "wpa_gmk_rekey=$wpa_master_rekey" "$N"
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
;;
hostapd: support creating WEP networks for mac80211 (patch by Stijn Tintel), fixes #6672 SVN-Revision: 19720
14 years ago
*wep*)
config_get key "$vif" key
key="${key:-1}"
case "$key" in
[1234])
for idx in 1 2 3 4; do
local zidx
zidx=$(($idx - 1))
config_get ckey "$vif" "key${idx}"
[ -n "$ckey" ] && \
append "$var" "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N"
done
append "$var" "wep_default_key=$((key - 1))" "$N"
;;
*)
append "$var" "wep_key0=$(prepare_key_wep "$key")" "$N"
append "$var" "wep_default_key=0" "$N"
hostapd: introduce "wpa_pair_rekey" and "wpa_master_rekey" options, remove hardcoded wpa rekey intervals, remove hardcoded radius_acct_interim_interval as it might overrule the radius Acct-Interim-Interval attribute SVN-Revision: 28207
13 years ago
[ -n "$wep_rekey" ] && append "$var" "wep_rekey_period=$wep_rekey" "$N"
hostapd: support creating WEP networks for mac80211 (patch by Stijn Tintel), fixes #6672 SVN-Revision: 19720
14 years ago
;;
esac
Set auth_algs in hostapd.conf, make it configurable for WEP Always set auth_algs in hostapd.conf. For WEP, auth_algs is configurable by setting the encryption parameter of a wifi-iface to contain "open" (1, open system), "shared" (2, shared key), or "mixed" (3, permits both open system and shared key.) For example, use "wep+shared" for shared key authentication. The default is default is "open" as it is more secure than "shared" (although WEP is pretty weak regardless.) For non-WEP, "open" is always used. https://dev.openwrt.org/ticket/8120 Signed-off-by: Mark Mentovai <mark@moxienet.com> SVN-Revision: 23655
14 years ago
case "$enc" in
*shared*)
auth_algs=2
;;
*mixed*)
auth_algs=3
;;
esac
hostapd: support creating WEP networks for mac80211 (patch by Stijn Tintel), fixes #6672 SVN-Revision: 19720
14 years ago
wpa=0
crypto=
;;
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
*)
Fix hostapd with open access point and per-device configuration, thanks sn9 SVN-Revision: 12375
16 years ago
wpa=0
fix hostapd startup for no-crypto configurations SVN-Revision: 14276
16 years ago
crypto=
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
;;
esac
Set auth_algs in hostapd.conf, make it configurable for WEP Always set auth_algs in hostapd.conf. For WEP, auth_algs is configurable by setting the encryption parameter of a wifi-iface to contain "open" (1, open system), "shared" (2, shared key), or "mixed" (3, permits both open system and shared key.) For example, use "wep+shared" for shared key authentication. The default is default is "open" as it is more secure than "shared" (although WEP is pretty weak regardless.) For non-WEP, "open" is always used. https://dev.openwrt.org/ticket/8120 Signed-off-by: Mark Mentovai <mark@moxienet.com> SVN-Revision: 23655
14 years ago
append "$var" "auth_algs=${auth_algs:-1}" "$N"
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
append "$var" "wpa=$wpa" "$N"
[ -n "$crypto" ] && append "$var" "wpa_pairwise=$crypto" "$N"
[ -n "$wpa_group_rekey" ] && append "$var" "wpa_group_rekey=$wpa_group_rekey" "$N"
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
config_get ssid "$vif" ssid
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
config_get bridge "$vif" bridge
config_get ieee80211d "$vif" ieee80211d
hostapd: Add support for 'iapp_interface' option, thanks stsp (#7719) SVN-Revision: 22527
14 years ago
config_get iapp_interface "$vif" iapp_interface
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
hostapd: add preliminary wps script support (push-button only, does not handle multi-bss yet) SVN-Revision: 22100
14 years ago
config_get_bool wps_pbc "$vif" wps_pushbutton 0
hostapd: add more wps config methods to the config SVN-Revision: 26288
13 years ago
config_get_bool wps_label "$vif" wps_label 0
config_get config_methods "$vif" wps_config
[ "$wps_pbc" -gt 0 ] && append config_methods push_button
[ -n "$wps_possible" -a -n "$config_methods" ] && {
config_get device_type "$vif" wps_device_type "6-0050F204-1"
config_get device_name "$vif" wps_device_name "OpenWrt AP"
config_get manufacturer "$vif" wps_manufacturer "openwrt.org"
hostapd: remove bogus default setting for wps_pin (#17873) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 42553
10 years ago
config_get wps_pin "$vif" wps_pin
hostapd: add more wps config methods to the config SVN-Revision: 26288
13 years ago
hostapd: add external registrar support Setting wireless.@wifi-iface[N].ext_registrar=1 will enable UPNP advertising and add an external registrar to the interface this vif belongs to (br-lan if the vif is included in the LAN bridge). By enabling this we append upnp_iface=xxx to the hostapd config file. Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com> SVN-Revision: 38338
11 years ago
config_get_bool ext_registrar "$vif" ext_registrar 0
[ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append "$var" "upnp_iface=$bridge" "$N"
hostapd: add preliminary wps script support (push-button only, does not handle multi-bss yet) SVN-Revision: 22100
14 years ago
append "$var" "eap_server=1" "$N"
hostapd: remove bogus default setting for wps_pin (#17873) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 42553
10 years ago
[ -n "$wps_pin" ] && append "$var" "ap_pin=$wps_pin" "$N"
hostapd: Add WPS unconfigured & WPS pin method support Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com> SVN-Revision: 38335
11 years ago
append "$var" "wps_state=${wps_not_configured:-2}" "$N"
append "$var" "ap_setup_locked=0" "$N"
hostapd: add more wps config methods to the config SVN-Revision: 26288
13 years ago
append "$var" "device_type=$device_type" "$N"
append "$var" "device_name=$device_name" "$N"
append "$var" "manufacturer=$manufacturer" "$N"
append "$var" "config_methods=$config_methods" "$N"
hostapd: add preliminary wps script support (push-button only, does not handle multi-bss yet) SVN-Revision: 22100
14 years ago
}
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
append "$var" "ssid=$ssid" "$N"
[ -n "$bridge" ] && append "$var" "bridge=$bridge" "$N"
[ -n "$ieee80211d" ] && append "$var" "ieee80211d=$ieee80211d" "$N"
hostapd: fix appending the iapp_interface variable to the config Signed-off-by: Alexander Couzens <lynxis@c-base.org> SVN-Revision: 24724
14 years ago
[ -n "$iapp_interface" ] && append "$var" iapp_interface=$(uci_get_state network "$iapp_interface" ifname "$iapp_interface") "$N"
Enable management frame protection in hostapd, and make it configurable in /etc/config/wireless. Since ath9k is currently the only driver that supports MFP, it will only be enabled when ath9k is enabled. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> SVN-Revision: 20396
14 years ago
hostapd: Allow rsn_preauth configuration Hostapd can allow preauthentication for WPA2-EAP networks when the interfaces through which preauthentication is allowed are configured. Add a new param "rsn_preauth=0/1" to the configuration that enables or disables preauthentication on the according bridge interface. Preauthentication for unbridged networks is not considered in this patch. Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 24721
14 years ago
if [ "$wpa" -ge "2" ]
then
hostapd: fix hostapd RSN preauthentication PMKSA caching In 2009 OpenWrt's hostapd config added an "auth_cache" boolean to be used to address a reported issue #12129 [0] on a forum [1]. The reported issue on the ticket is different that the one described on the forum. The commit was r33359. This change broke proper RSN preauthentication [2] [3] [4] expectations on hostapd's configuration for WPA2 and this in turn disabled PMKSA caching and Opportunistic Key Caching. This change: * Leaves the "auth_cache" to be used only for WPA networks for those looking to use this as a workaround to a reported issue but annotates a warning over its usage. * Separate "auth_cache" from WPA2 RSN preauthentication, leaving WPA2 RSN preauthentication to enabled only with "rsn_preauth" with the expected and recommended settings. * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to be used when evaluating funcionality for WPA2 RSN preauthentication with the expected and recommended settings with the only difference so far with what should be enabled by default to disable Opportunistic Key Caching. Disabling the PMKSA cache should mean the STA could not roam off and back onto the AP that had PMKSA caching disabled and would require a full authentication cycle. This fixes this for WPA2 networks with RSN preauthentication enabled. This change should be applied to AA as well as trunk. TL DR; The issue described on the forum has to do with failure of a STA being able to try to authenticate again with the AP if it failed its first try. This may have been an issue with hostapd in 2009 but as per some tests I cannot reproduce this today on a WPA2 network. The issue described on the ticket alludes to a security issue with the design of using a Radius server to authenticate to an AP. The issue vaguely alludes to the circumstances of zapping a user, deleting their authentication credentials to log in to the network, and that if RSN preauthentication is enabled with PMKSA caching that the user that was zapped would still be able to authenticate. Lets treat these as separate issues. I cannot reproduce the first issue reported on the forums of not being able to authenticate anymore on a WPA2 network. The issue reported on the ticket modified WPA2 RSN preauthentication by adding two fields to the hostapd configuration if auth_cache was enabled: * disable_pmksa_caching=1 * okc=0 The first one disables PMKSA authentication cache. The second one disables Opportunistic Key Caching. The issue reported on the ticket was fixed by implementing a workaround in hostapd's configuration. Disabling PMKSA caching breaks proper use of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1 prevents hostapd from adding PMKSA entries into its cache when a successful 802.1x authentication occurs. In practice RSN preauthentication would trigger a STA to perform authentication with other APs on the same SSID, it would then have its own supplicant PMKSA cache held. If a STA roams between one AP to another no new authenitcation would need to be performed as the new AP would already have authenticated the STA. The purpose of the PMKSA cache on the AP side would be for the AP to use the same PMKID for a STA when the STA roams off onto another BSSID and later comes back to it. Disabling Opportunistic Key Caching could help the reported issue as well but its not the correct place to address this. Opportunistic Key Caching enables an AP with different interfaces to share the PMKSA cache. Its a technical enhancement and disabling it would be useful to let a testing suite properly test for RSN preauthentication given that otherwise Opportunistic Key Caching would enable an interface being tested to derive its own derive the PMKSA entry. In production though okc=1 should be enabled to help with RSN preauthentication. The real fix for this particular issue outside of the scope of hostapd's configuration and it should not be dealt with as a workaround to its configuration and breaking expected RSN preauthentication and technical optimizations. Revert this change and enable users to pick and choose to enable or disable disable_pmksa_caching and okc expecting them to instead have read clearly more what these do. As for the core issure ported, the correct place to fix this is to enable a sort of messaging between the RADIUS server and its peers so that if caching for authentication is enabled that cache can be cleared upon user credential updates. Updating a user password (not just zapping a user) is another possible issue that would need to be resolved here. Another part of the solution might be to reduce the cache timing to account for any systematic limitations (RADIUS server not able to ask peers to clear cache might be one). [0] https://dev.openwrt.org/changeset/33359 [1] https://forum.openwrt.org/viewtopic.php?id=19596 [2] http://wireless.kernel.org/en/users/Documentation/hostapd#IEEE_802.11i.2FRSN.2FWPA2_pre-authentication [3] http://wireless.kernel.org/en/users/Documentation/wpa_supplicant#RSN_preauthentication [4] http://wiki.openwrt.org/doc/recipes/rsn_preauthentication Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> SVN-Revision: 38336
11 years ago
# RSN -> allow preauthentication. You have two
# options, rsn_preauth for production or rsn_preauth_testing
# for validation / testing.
hostapd: Allow rsn_preauth configuration Hostapd can allow preauthentication for WPA2-EAP networks when the interfaces through which preauthentication is allowed are configured. Add a new param "rsn_preauth=0/1" to the configuration that enables or disables preauthentication on the according bridge interface. Preauthentication for unbridged networks is not considered in this patch. Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 24721
14 years ago
if [ -n "$bridge" -a "$rsn_preauth" = 1 ]
then
append "$var" "rsn_preauth=1" "$N"
append "$var" "rsn_preauth_interfaces=$bridge" "$N"
hostapd: fix hostapd RSN preauthentication PMKSA caching In 2009 OpenWrt's hostapd config added an "auth_cache" boolean to be used to address a reported issue #12129 [0] on a forum [1]. The reported issue on the ticket is different that the one described on the forum. The commit was r33359. This change broke proper RSN preauthentication [2] [3] [4] expectations on hostapd's configuration for WPA2 and this in turn disabled PMKSA caching and Opportunistic Key Caching. This change: * Leaves the "auth_cache" to be used only for WPA networks for those looking to use this as a workaround to a reported issue but annotates a warning over its usage. * Separate "auth_cache" from WPA2 RSN preauthentication, leaving WPA2 RSN preauthentication to enabled only with "rsn_preauth" with the expected and recommended settings. * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to be used when evaluating funcionality for WPA2 RSN preauthentication with the expected and recommended settings with the only difference so far with what should be enabled by default to disable Opportunistic Key Caching. Disabling the PMKSA cache should mean the STA could not roam off and back onto the AP that had PMKSA caching disabled and would require a full authentication cycle. This fixes this for WPA2 networks with RSN preauthentication enabled. This change should be applied to AA as well as trunk. TL DR; The issue described on the forum has to do with failure of a STA being able to try to authenticate again with the AP if it failed its first try. This may have been an issue with hostapd in 2009 but as per some tests I cannot reproduce this today on a WPA2 network. The issue described on the ticket alludes to a security issue with the design of using a Radius server to authenticate to an AP. The issue vaguely alludes to the circumstances of zapping a user, deleting their authentication credentials to log in to the network, and that if RSN preauthentication is enabled with PMKSA caching that the user that was zapped would still be able to authenticate. Lets treat these as separate issues. I cannot reproduce the first issue reported on the forums of not being able to authenticate anymore on a WPA2 network. The issue reported on the ticket modified WPA2 RSN preauthentication by adding two fields to the hostapd configuration if auth_cache was enabled: * disable_pmksa_caching=1 * okc=0 The first one disables PMKSA authentication cache. The second one disables Opportunistic Key Caching. The issue reported on the ticket was fixed by implementing a workaround in hostapd's configuration. Disabling PMKSA caching breaks proper use of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1 prevents hostapd from adding PMKSA entries into its cache when a successful 802.1x authentication occurs. In practice RSN preauthentication would trigger a STA to perform authentication with other APs on the same SSID, it would then have its own supplicant PMKSA cache held. If a STA roams between one AP to another no new authenitcation would need to be performed as the new AP would already have authenticated the STA. The purpose of the PMKSA cache on the AP side would be for the AP to use the same PMKID for a STA when the STA roams off onto another BSSID and later comes back to it. Disabling Opportunistic Key Caching could help the reported issue as well but its not the correct place to address this. Opportunistic Key Caching enables an AP with different interfaces to share the PMKSA cache. Its a technical enhancement and disabling it would be useful to let a testing suite properly test for RSN preauthentication given that otherwise Opportunistic Key Caching would enable an interface being tested to derive its own derive the PMKSA entry. In production though okc=1 should be enabled to help with RSN preauthentication. The real fix for this particular issue outside of the scope of hostapd's configuration and it should not be dealt with as a workaround to its configuration and breaking expected RSN preauthentication and technical optimizations. Revert this change and enable users to pick and choose to enable or disable disable_pmksa_caching and okc expecting them to instead have read clearly more what these do. As for the core issure ported, the correct place to fix this is to enable a sort of messaging between the RADIUS server and its peers so that if caching for authentication is enabled that cache can be cleared upon user credential updates. Updating a user password (not just zapping a user) is another possible issue that would need to be resolved here. Another part of the solution might be to reduce the cache timing to account for any systematic limitations (RADIUS server not able to ask peers to clear cache might be one). [0] https://dev.openwrt.org/changeset/33359 [1] https://forum.openwrt.org/viewtopic.php?id=19596 [2] http://wireless.kernel.org/en/users/Documentation/hostapd#IEEE_802.11i.2FRSN.2FWPA2_pre-authentication [3] http://wireless.kernel.org/en/users/Documentation/wpa_supplicant#RSN_preauthentication [4] http://wiki.openwrt.org/doc/recipes/rsn_preauthentication Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> SVN-Revision: 38336
11 years ago
append "$var" "okc=1" "$N"
else
# RSN preauthentication testings hould disable
# Opportunistic Key Caching (okc) as otherwise the PMKSA
# entry for a test could come from the Opportunistic Key Caching
config_get rsn_preauth_testing "$vif" rsn_preauth_testing
if [ -n "$bridge" -a "$rsn_preauth_testing" = 1 ]
then
append "$var" "rsn_preauth=1" "$N"
append "$var" "rsn_preauth_interfaces=$bridge" "$N"
append "$var" "okc=0" "$N"
fi
hostapd: Allow rsn_preauth configuration Hostapd can allow preauthentication for WPA2-EAP networks when the interfaces through which preauthentication is allowed are configured. Add a new param "rsn_preauth=0/1" to the configuration that enables or disables preauthentication on the according bridge interface. Preauthentication for unbridged networks is not considered in this patch. Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 24721
14 years ago
fi
# RSN -> allow management frame protection
config_get ieee80211w "$vif" ieee80211w
case "$ieee80211w" in
[012])
append "$var" "ieee80211w=$ieee80211w" "$N"
[ "$ieee80211w" -gt "0" ] && {
config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout
config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout
[ -n "$ieee80211w_max_timeout" ] && \
append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
[ -n "$ieee80211w_retry_timeout" ] && \
append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
}
;;
esac
fi
mac80211, hostapd: Fix macfilter for multi bssid setups Previously only the first macfilter configuration would have been used on all interfaces. However, the configuration was always done per vif already. Hence, move the macfilter setup into hostapd.sh where and create one mac list file per vif. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 34470
12 years ago
hostapd: correctly handle macfile uci option Make hostapd.sh correctly handle the macfile uci option. Such option specifies the macfile name to pass into the hostapd configuration file. Moreover, if a maclist option has been specified, copy the macfile before appending new entries. Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> SVN-Revision: 36944
11 years ago
config_get macfile "$vif" macfile
config_get maclist "$vif" maclist
if [ -z "$macfile" ]
then
# if no macfile has been specified, fallback to the default name
hostapd: truncate default mac file before adding entries to it (#13797) SVN-Revision: 37114
11 years ago
# and truncate file to avoid aggregating entries over time
hostapd: correctly handle macfile uci option Make hostapd.sh correctly handle the macfile uci option. Such option specifies the macfile name to pass into the hostapd configuration file. Moreover, if a maclist option has been specified, copy the macfile before appending new entries. Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> SVN-Revision: 36944
11 years ago
macfile="/var/run/hostapd-$ifname.maclist"
hostapd: truncate default mac file before adding entries to it (#13797) SVN-Revision: 37114
11 years ago
echo "" > "$macfile"
hostapd: correctly handle macfile uci option Make hostapd.sh correctly handle the macfile uci option. Such option specifies the macfile name to pass into the hostapd configuration file. Moreover, if a maclist option has been specified, copy the macfile before appending new entries. Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> SVN-Revision: 36944
11 years ago
else
if [ -n "$maclist" ]
then
# to avoid to overwrite the original file, make a copy
# before appending the entries specified by the maclist
# option
cp $macfile $macfile.maclist
macfile=$macfile.maclist
fi
fi
if [ -n "$maclist" ]
then
for mac in $maclist; do
echo "$mac" >> $macfile
done
fi
mac80211, hostapd: Fix macfilter for multi bssid setups Previously only the first macfilter configuration would have been used on all interfaces. However, the configuration was always done per vif already. Hence, move the macfilter setup into hostapd.sh where and create one mac list file per vif. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 34470
12 years ago
hostapd: correctly handle macfile uci option Make hostapd.sh correctly handle the macfile uci option. Such option specifies the macfile name to pass into the hostapd configuration file. Moreover, if a maclist option has been specified, copy the macfile before appending new entries. Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> SVN-Revision: 36944
11 years ago
config_get macfilter "$vif" macfilter
mac80211, hostapd: Fix macfilter for multi bssid setups Previously only the first macfilter configuration would have been used on all interfaces. However, the configuration was always done per vif already. Hence, move the macfilter setup into hostapd.sh where and create one mac list file per vif. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 34470
12 years ago
case "$macfilter" in
allow)
append "$var" "macaddr_acl=1" "$N"
append "$var" "accept_mac_file=$macfile" "$N"
;;
deny)
append "$var" "macaddr_acl=0" "$N"
append "$var" "deny_mac_file=$macfile" "$N"
;;
esac
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
}
hostapd: introduce options to configure the logging behaviour. The config wifi-device section gains the following settings: * log_level (2) - Defines the minimum message level * log_80211 (true) - Log 802.11 events * log_8021x (true) - Log 802.1X events * log_radius (true) - Log RADIUS events * log_wpa (true) - Log WPA events * log_driver (true) - Log driver interface messages * log_iapp (true) - Log IAPP events * log_mlme (true) - Log MLME events SVN-Revision: 28056
13 years ago
hostapd_set_log_options() {
local var="$1"
local cfg="$2"
local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme
config_get log_level "$cfg" log_level 2
config_get_bool log_80211 "$cfg" log_80211 1
config_get_bool log_8021x "$cfg" log_8021x 1
config_get_bool log_radius "$cfg" log_radius 1
config_get_bool log_wpa "$cfg" log_wpa 1
config_get_bool log_driver "$cfg" log_driver 1
config_get_bool log_iapp "$cfg" log_iapp 1
config_get_bool log_mlme "$cfg" log_mlme 1
local log_mask=$(( \
($log_80211 << 0) | \
($log_8021x << 1) | \
($log_radius << 2) | \
($log_wpa << 3) | \
($log_driver << 4) | \
($log_iapp << 5) | \
($log_mlme << 6) \
))
append "$var" "logger_syslog=$log_mask" "$N"
append "$var" "logger_syslog_level=$log_level" "$N"
append "$var" "logger_stdout=$log_mask" "$N"
append "$var" "logger_stdout_level=$log_level" "$N"
}
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
hostapd_setup_vif() {
local vif="$1"
local driver="$2"
hostapd: introduce options to configure the logging behaviour. The config wifi-device section gains the following settings: * log_level (2) - Defines the minimum message level * log_80211 (true) - Log 802.11 events * log_8021x (true) - Log 802.1X events * log_radius (true) - Log RADIUS events * log_wpa (true) - Log WPA events * log_driver (true) - Log driver interface messages * log_iapp (true) - Log IAPP events * log_mlme (true) - Log MLME events SVN-Revision: 28056
13 years ago
local ifname device channel hwmode
mac80211: restructure /lib/wifi/mac80211.sh use the new multi-bss single instance hostapd mode move mac80211 specific bits out of /lib/wifi/hostapd.sh add a new option 'htmode' for switching between HT20 and HT40+,HT40- SVN-Revision: 19235
15 years ago
hostapd_cfg=
config_get ifname "$vif" ifname
Fix hostapd with open access point and per-device configuration, thanks sn9 SVN-Revision: 12375
16 years ago
config_get device "$vif" device
config_get channel "$device" channel
hostapd,madwifi: rename agmode option to hwmode. 11a and 11g aren't the only allowed values SVN-Revision: 13790
16 years ago
config_get hwmode "$device" hwmode
hostapd: introduce options to configure the logging behaviour. The config wifi-device section gains the following settings: * log_level (2) - Defines the minimum message level * log_80211 (true) - Log 802.11 events * log_8021x (true) - Log 802.1X events * log_radius (true) - Log RADIUS events * log_wpa (true) - Log WPA events * log_driver (true) - Log driver interface messages * log_iapp (true) - Log IAPP events * log_mlme (true) - Log MLME events SVN-Revision: 28056
13 years ago
hostapd_set_log_options hostapd_cfg "$device"
hostapd_set_bss_options hostapd_cfg "$vif"
hostapd only supports either b or g as hwmode configuration variable. If bg is set the scripts transfers it now to g mode. SVN-Revision: 15182
15 years ago
case "$hwmode" in
hostapd: fixup madwifi turbo modes (#7060) SVN-Revision: 20675
14 years ago
*bg|*gdt|*gst|*fh) hwmode=g;;
*adt|*ast) hwmode=a;;
hostapd only supports either b or g as hwmode configuration variable. If bg is set the scripts transfers it now to g mode. SVN-Revision: 15182
15 years ago
esac
wifi: fix hostapd + autochannel SVN-Revision: 15055
15 years ago
[ "$channel" = auto ] && channel=
[ -n "$channel" -a -z "$hwmode" ] && wifi_fixup_hwmode "$device"
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
cat > /var/run/hostapd-$ifname.conf <<EOF
driver=$driver
interface=$ifname
hostapd: always strip "11" from hwmode value SVN-Revision: 20363
14 years ago
${hwmode:+hw_mode=${hwmode#11}}
wifi: fix hostapd + autochannel SVN-Revision: 15055
15 years ago
${channel:+channel=$channel}
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
$hostapd_cfg
hostapd: do not configure wme when using madwifi - fixes wpa/wpa2 association problems SVN-Revision: 18051
15 years ago
EOF
fix typo SVN-Revision: 13084
16 years ago
hostapd -P /var/run/wifi-$ifname.pid -B /var/run/hostapd-$ifname.conf
move hostapd setup function to wireless-tools package, as it is driver independent SVN-Revision: 5890
18 years ago
}