From 98d91e4d5ee1bdc13764b14eb6d2784dfb2cac3c Mon Sep 17 00:00:00 2001 From: Bernd Naumann Date: Wed, 16 Feb 2022 23:07:09 +0100 Subject: [PATCH 01/10] hostapd: Radius based VLANs on AP with PSK This patch allows the user to set `auth_server` and related settings on non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius. Without this patch, `auth_server` and other needed options are only written to `hostapd-phy.conf` when `option encryption wpa2` is set. `hostapd` however supports "Station MAC address -based authentication" for non WPA Enterprise Modes, too. A classic approch is to use `accept_mac_file` which contains MAC addr and VLAN-ID pairs. But, using `accept_mac_file` does not support VLAN assignment for unknown stations. This is a sample `freeradius3` config, where a known station ("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are assigned to VLAN `67`. ``` "7ea6a72a93d2" Cleartext-Password := "7ea6a72a93d2" Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-Id = 65 DEFAULT Cleartext-Password := "%{User-Name}" Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-Id = 67 ``` Other option is to configure known stations via `accept_mac_file` and using only Radius for unknown stations. I tested this patch only with `wpa_key_mgmt=WPA-PSK`, and assumed that it should work with other Encryption/Access Mode, too. Signed-off-by: Bernd Naumann --- .../network/services/hostapd/files/hostapd.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index f7c21a1513..e5f816a55b 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -742,6 +742,25 @@ hostapd_set_bss_options() { ;; esac + case "$auth_type" in + none|owe|psk|sae|psk-sae|wep) + json_get_vars \ + auth_server auth_port auth_secret \ + ownip radius_client_addr + + [ -n "$auth_server" ] && { + set_default auth_port 1812 + + append bss_conf "auth_server_addr=$auth_server" "$N" + append bss_conf "auth_server_port=$auth_port" "$N" + [ -n "$auth_secret" ] && append bss_conf "auth_server_shared_secret=$auth_secret" "$N" + [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N" + [ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N" + append bss_conf "macaddr_acl=2" "$N" + } + ;; + esac + local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open)) append bss_conf "auth_algs=${auth_algs:-1}" "$N" append bss_conf "wpa=$wpa" "$N" From c35ff1affe8f347b60a7539648a90b45ad43ffef Mon Sep 17 00:00:00 2001 From: David Bauer Date: Thu, 12 May 2022 22:18:49 +0200 Subject: [PATCH 02/10] hostapd: update to 2022-05-08 Update hostapd to Git HEAD from 2022-05-08. This allows us to take advantage of background radar-detection as well as BSS color collision detection. Suggested-by: Lorenzo Bianconi Signed-off-by: David Bauer Tested-by: Stijn Tintel --- package/network/services/hostapd/Makefile | 6 +- .../hostapd/files/wpa_supplicant-p2p.config | 2 +- .../patches/340-reload_freq_change.patch | 3 +- .../patches/350-nl80211_del_beacon_bss.patch | 32 ++----- .../patches/420-indicate-features.patch | 33 +++---- ...750-qos_map_set_without_interworking.patch | 89 ++++++++----------- ..._AP-functions-dependant-on-CONFIG_AP.patch | 38 ++++++++ .../services/hostapd/src/src/ap/ubus.c | 3 + 8 files changed, 107 insertions(+), 99 deletions(-) create mode 100644 package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 584695786f..a4640f1197 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -9,9 +9,9 @@ PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2022-01-16 -PKG_SOURCE_VERSION:=cff80b4f7d3c0a47c052e8187d671710f48939e4 -PKG_MIRROR_HASH:=712965bfa11a2e601d3e1c9a51a2cf3cffc6db89abafb3df3eb0cfd83c64705b +PKG_SOURCE_DATE:=2022-05-08 +PKG_SOURCE_VERSION:=b859b9bceadccd882252ff0aa2fdba0d3b91764e +PKG_MIRROR_HASH:=4655a747c197d7622b41865203d6601a080b9750fcd68073688cbb6076d13894 PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-3-Clause diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config index 48302bb4c3..0dcc88e648 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config +++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config @@ -622,4 +622,4 @@ CONFIG_UBUS=y # OpenWrt patch 380-disable-ctrl-iface-mib.patch # leads to the MIB only being compiled in if # CONFIG_CTRL_IFACE_MIB is enabled. -#CONFIG_CTRL_IFACE_MIB=y +CONFIG_CTRL_IFACE_MIB=y diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch index 3d51a47a1e..89259f2f44 100644 --- a/package/network/services/hostapd/patches/340-reload_freq_change.patch +++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch @@ -1,6 +1,6 @@ --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -115,6 +115,28 @@ static void hostapd_reload_bss(struct ho +@@ -115,6 +115,29 @@ static void hostapd_reload_bss(struct ho #endif /* CONFIG_NO_RADIUS */ ssid = &hapd->conf->ssid; @@ -12,6 +12,7 @@ + hapd->iconf->ieee80211n, + hapd->iconf->ieee80211ac, + hapd->iconf->ieee80211ax, ++ hapd->iconf->ieee80211be, + hapd->iconf->secondary_channel, + hostapd_get_oper_chwidth(hapd->iconf), + hostapd_get_oper_centr_freq_seg0_idx(hapd->iconf), diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index 35567838f5..8a2beb312f 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -1,24 +1,20 @@ --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -2931,10 +2931,15 @@ static int wpa_driver_nl80211_del_beacon - struct nl_msg *msg; +@@ -2932,11 +2932,11 @@ static int wpa_driver_nl80211_del_beacon struct wpa_driver_nl80211_data *drv = bss->drv; -+ if (!bss->beacon_set) -+ return 0; -+ -+ bss->beacon_set = 0; -+ wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", - drv->ifindex); + bss->ifindex); + bss->beacon_set = 0; + bss->freq = 0; nl80211_put_wiphy_data_ap(bss); - msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON); -+ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON); ++ msg = nl80211_bss_msg(drv, 0, NL80211_CMD_DEL_BEACON); return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); } -@@ -5617,7 +5622,7 @@ static void nl80211_teardown_ap(struct i +@@ -5650,7 +5650,7 @@ static void nl80211_teardown_ap(struct i nl80211_mgmt_unsubscribe(bss, "AP teardown"); nl80211_put_wiphy_data_ap(bss); @@ -27,7 +23,7 @@ } -@@ -8071,8 +8076,6 @@ static int wpa_driver_nl80211_if_remove( +@@ -8104,8 +8104,6 @@ static int wpa_driver_nl80211_if_remove( } else { wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); nl80211_teardown_ap(bss); @@ -36,19 +32,3 @@ nl80211_destroy_bss(bss); if (!bss->added_if) i802_set_iface_flags(bss, 0); -@@ -8469,7 +8472,6 @@ static int wpa_driver_nl80211_deinit_ap( - if (!is_ap_interface(drv->nlmode)) - return -1; - wpa_driver_nl80211_del_beacon(bss); -- bss->beacon_set = 0; - - /* - * If the P2P GO interface was dynamically added, then it is -@@ -8489,7 +8491,6 @@ static int wpa_driver_nl80211_stop_ap(vo - if (!is_ap_interface(drv->nlmode)) - return -1; - wpa_driver_nl80211_del_beacon(bss); -- bss->beacon_set = 0; - return 0; - } - diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch index f9dff66073..80d945ca16 100644 --- a/package/network/services/hostapd/patches/420-indicate-features.patch +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -1,23 +1,24 @@ --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -15,6 +15,7 @@ - #include "utils/common.h" - #include "utils/eloop.h" - #include "utils/uuid.h" -+#include "utils/build_features.h" - #include "crypto/random.h" - #include "crypto/tls.h" - #include "common/version.h" -@@ -691,7 +692,7 @@ int main(int argc, char *argv[]) +@@ -31,7 +31,7 @@ + #include "config_file.h" + #include "eap_register.h" + #include "ctrl_iface.h" +- ++#include "build_features.h" + + struct hapd_global { + void **drv_priv; +@@ -692,7 +692,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { -- c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:"); -+ c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:v::"); +- c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:q"); ++ c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:qv::"); if (c < 0) break; switch (c) { -@@ -728,6 +729,8 @@ int main(int argc, char *argv[]) +@@ -729,6 +729,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': @@ -25,7 +26,7 @@ + exit(!has_feature(optarg)); show_version(); exit(1); - break; + case 'g': --- a/wpa_supplicant/main.c +++ b/wpa_supplicant/main.c @@ -12,6 +12,7 @@ @@ -33,10 +34,10 @@ #include "common.h" +#include "build_features.h" + #include "crypto/crypto.h" #include "fst/fst.h" #include "wpa_supplicant_i.h" - #include "driver_i.h" -@@ -202,7 +203,7 @@ int main(int argc, char *argv[]) +@@ -203,7 +204,7 @@ int main(int argc, char *argv[]) for (;;) { c = getopt(argc, argv, @@ -45,7 +46,7 @@ if (c < 0) break; switch (c) { -@@ -305,8 +306,12 @@ int main(int argc, char *argv[]) +@@ -306,8 +307,12 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ case 'v': diff --git a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch index 43a4ea73b3..43360fb2e7 100644 --- a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch +++ b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch @@ -1,6 +1,6 @@ --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -1644,6 +1644,8 @@ static int parse_anqp_elem(struct hostap +@@ -1598,6 +1598,8 @@ static int parse_anqp_elem(struct hostap return 0; } @@ -9,7 +9,7 @@ static int parse_qos_map_set(struct hostapd_bss_config *bss, char *buf, int line) -@@ -1685,8 +1687,6 @@ static int parse_qos_map_set(struct host +@@ -1639,8 +1641,6 @@ static int parse_qos_map_set(struct host return 0; } @@ -18,7 +18,7 @@ #ifdef CONFIG_HS20 static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf, -@@ -4077,10 +4077,10 @@ static int hostapd_config_fill(struct ho +@@ -4040,10 +4040,10 @@ static int hostapd_config_fill(struct ho bss->gas_frag_limit = val; } else if (os_strcmp(buf, "gas_comeback_delay") == 0) { bss->gas_comeback_delay = atoi(pos); @@ -32,7 +32,7 @@ os_free(bss->dump_msk_file); --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -1415,6 +1415,7 @@ static int hostapd_setup_bss(struct host +@@ -1423,6 +1423,7 @@ static int hostapd_setup_bss(struct host wpa_printf(MSG_ERROR, "GAS server initialization failed"); return -1; } @@ -40,7 +40,7 @@ if (conf->qos_map_set_len && hostapd_drv_set_qos_map(hapd, conf->qos_map_set, -@@ -1422,7 +1423,6 @@ static int hostapd_setup_bss(struct host +@@ -1430,7 +1431,6 @@ static int hostapd_setup_bss(struct host wpa_printf(MSG_ERROR, "Failed to initialize QoS Map"); return -1; } @@ -48,26 +48,42 @@ if (conf->bss_load_update_period && bss_load_update_init(hapd)) { wpa_printf(MSG_ERROR, "BSS Load initialization failed"); ---- a/src/ap/drv_callbacks.c -+++ b/src/ap/drv_callbacks.c -@@ -271,12 +271,10 @@ int hostapd_notif_assoc(struct hostapd_d - } - #endif /* NEED_AP_MLME */ +--- a/wpa_supplicant/events.c ++++ b/wpa_supplicant/events.c +@@ -2586,8 +2586,6 @@ void wnm_bss_keep_alive_deinit(struct wp + } + -#ifdef CONFIG_INTERWORKING - if (elems.ext_capab && elems.ext_capab_len > 4) { - if (elems.ext_capab[4] & 0x01) - sta->qos_map_enabled = 1; +- + static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map, + size_t len) + { +@@ -2620,8 +2618,6 @@ static void interworking_process_assoc_r } --#endif /* CONFIG_INTERWORKING */ + } - #ifdef CONFIG_HS20 - wpabuf_free(sta->hs20_ie); ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -4129,13 +4129,11 @@ static u16 copy_supp_rates(struct hostap - static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, - const u8 *ext_capab_ie, size_t ext_capab_ie_len) +-#endif /* CONFIG_INTERWORKING */ +- + + static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s, + const u8 *ies, size_t ies_len) +@@ -2954,10 +2950,8 @@ static int wpa_supplicant_event_associnf + wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, + data->assoc_info.resp_ies_len); + #endif /* CONFIG_WNM */ +-#ifdef CONFIG_INTERWORKING + interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, + data->assoc_info.resp_ies_len); +-#endif /* CONFIG_INTERWORKING */ + if (wpa_s->hw_capab == CAPAB_VHT && + get_ie(data->assoc_info.resp_ies, + data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP)) +--- a/src/ap/ieee802_11_shared.c ++++ b/src/ap/ieee802_11_shared.c +@@ -1098,13 +1098,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da + u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, + const u8 *ext_capab_ie, size_t ext_capab_ie_len) { -#ifdef CONFIG_INTERWORKING /* check for QoS Map support */ @@ -79,34 +95,3 @@ if (ext_capab_ie_len > 0) { sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2)); ---- a/wpa_supplicant/events.c -+++ b/wpa_supplicant/events.c -@@ -2540,8 +2540,6 @@ void wnm_bss_keep_alive_deinit(struct wp - } - - --#ifdef CONFIG_INTERWORKING -- - static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map, - size_t len) - { -@@ -2574,8 +2572,6 @@ static void interworking_process_assoc_r - } - } - --#endif /* CONFIG_INTERWORKING */ -- - - static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s, - const u8 *ies, size_t ies_len) -@@ -2908,10 +2904,8 @@ static int wpa_supplicant_event_associnf - wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, - data->assoc_info.resp_ies_len); - #endif /* CONFIG_WNM */ --#ifdef CONFIG_INTERWORKING - interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, - data->assoc_info.resp_ies_len); --#endif /* CONFIG_INTERWORKING */ - if (wpa_s->hw_capab == CAPAB_VHT && - get_ie(data->assoc_info.resp_ies, - data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP)) diff --git a/package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch b/package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch new file mode 100644 index 0000000000..3665c6c33f --- /dev/null +++ b/package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch @@ -0,0 +1,38 @@ +From f0e9f5aab52b3eab85d28338cc996972ced4c39c Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Tue, 17 May 2022 23:07:59 +0200 +Subject: [PATCH] ctrl: make WNM_AP functions dependant on CONFIG_AP + +This fixes linking errors found when compiling wpa_supplicant with +CONFIG_WNM_AP enabled but CONFIG_AP disabled. + +Signed-off-by: David Bauer +--- + wpa_supplicant/ctrl_iface.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c +index ac337e0f5..6e23114e6 100644 +--- a/wpa_supplicant/ctrl_iface.c ++++ b/wpa_supplicant/ctrl_iface.c +@@ -12185,7 +12185,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, + if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18)) + reply_len = -1; + #endif /* CONFIG_WNM */ +-#ifdef CONFIG_WNM_AP ++#if defined(CONFIG_AP) && defined(CONFIG_WNM_AP) + } else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) { + if (ap_ctrl_iface_disassoc_imminent(wpa_s, buf + 18)) + reply_len = -1; +@@ -12195,7 +12195,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, + } else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) { + if (ap_ctrl_iface_bss_tm_req(wpa_s, buf + 11)) + reply_len = -1; +-#endif /* CONFIG_WNM_AP */ ++#endif /* CONFIG_AP && CONFIG_WNM_AP */ + } else if (os_strcmp(buf, "FLUSH") == 0) { + wpa_supplicant_ctrl_iface_flush(wpa_s); + } else if (os_strncmp(buf, "RADIO_WORK ", 11) == 0) { +-- +2.35.1 + diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c index 7db3f9e720..5f598d1c2c 100644 --- a/package/network/services/hostapd/src/src/ap/ubus.c +++ b/package/network/services/hostapd/src/src/ap/ubus.c @@ -888,10 +888,13 @@ hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj, css.freq_params.ht_enabled, css.freq_params.vht_enabled, css.freq_params.he_enabled, + css.freq_params.eht_enabled, css.freq_params.sec_channel_offset, chwidth, seg0, seg1, iconf->vht_capab, mode ? &mode->he_capab[IEEE80211_MODE_AP] : + NULL, + mode ? &mode->eht_capab[IEEE80211_MODE_AP] : NULL); for (i = 0; i < hapd->iface->num_bss; i++) { From 6c152ce5b0c003099dc1d9076fc3c38d061c1137 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Sat, 14 May 2022 21:43:15 +0200 Subject: [PATCH 03/10] hostapd: randomize default BSS color In case no specific BSS color is configured, set it to a random value. Signed-off-by: David Bauer Tested-by: Stijn Tintel --- .../files/lib/netifd/wireless/mac80211.sh | 4 +++- ...tapd-config-support-random-BSS-color.patch | 24 +++++++++++++++++++ ...750-qos_map_set_without_interworking.patch | 2 +- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch diff --git a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh index 27eecf3a7f..3d0afb261f 100644 --- a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh +++ b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh @@ -419,12 +419,14 @@ mac80211_hostapd_setup_base() { he_mac_cap=${he_mac_cap:2} append base_cfg "ieee80211ax=1" "$N" - [ -n "$he_bss_color" ] && append base_cfg "he_bss_color=$he_bss_color" "$N" [ "$hwmode" = "a" ] && { append base_cfg "he_oper_chwidth=$vht_oper_chwidth" "$N" append base_cfg "he_oper_centr_freq_seg0_idx=$vht_center_seg0" "$N" } + set_default he_bss_color 128 + append base_cfg "he_bss_color=$he_bss_color" "$N" + mac80211_add_he_capabilities \ he_su_beamformer:${he_phy_cap:6:2}:0x80:$he_su_beamformer \ he_su_beamformee:${he_phy_cap:8:2}:0x1:$he_su_beamformee \ diff --git a/package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch b/package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch new file mode 100644 index 0000000000..c0b01196c4 --- /dev/null +++ b/package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch @@ -0,0 +1,24 @@ +From c9304d3303d563ad6d2619f4e07864ed12f96889 Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Sat, 14 May 2022 21:41:03 +0200 +Subject: [PATCH] hostapd: config: support random BSS color + +Configure the HE BSS color to a random value in case the config defines +a BSS color which exceeds the max BSS color (63). + +Signed-off-by: David Bauer +--- + hostapd/config_file.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/hostapd/config_file.c ++++ b/hostapd/config_file.c +@@ -3485,6 +3485,8 @@ static int hostapd_config_fill(struct ho + } else if (os_strcmp(buf, "he_bss_color") == 0) { + conf->he_op.he_bss_color = atoi(pos) & 0x3f; + conf->he_op.he_bss_color_disabled = 0; ++ if (atoi(pos) > 63) ++ conf->he_op.he_bss_color = os_random() % 63 + 1; + } else if (os_strcmp(buf, "he_bss_color_partial") == 0) { + conf->he_op.he_bss_color_partial = atoi(pos); + } else if (os_strcmp(buf, "he_default_pe_duration") == 0) { diff --git a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch index 43360fb2e7..ff1d076b37 100644 --- a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch +++ b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch @@ -18,7 +18,7 @@ #ifdef CONFIG_HS20 static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf, -@@ -4040,10 +4040,10 @@ static int hostapd_config_fill(struct ho +@@ -4042,10 +4042,10 @@ static int hostapd_config_fill(struct ho bss->gas_frag_limit = val; } else if (os_strcmp(buf, "gas_comeback_delay") == 0) { bss->gas_comeback_delay = atoi(pos); From 6ee4383350bc5b1920f81095f2ecd05b14e3bff6 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Sat, 14 May 2022 21:50:51 +0200 Subject: [PATCH 04/10] hostapd: ubus: add bss-color to get_status Add the current BSS color to hostapd get_status method. This field is set to -1 in case BSS color is not active for the BSS. Signed-off-by: David Bauer Tested-by: Stijn Tintel --- package/network/services/hostapd/src/src/ap/ubus.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c index 5f598d1c2c..1199098b1e 100644 --- a/package/network/services/hostapd/src/src/ap/ubus.c +++ b/package/network/services/hostapd/src/src/ap/ubus.c @@ -445,6 +445,12 @@ hostapd_bss_get_status(struct ubus_context *ctx, struct ubus_object *obj, blobmsg_add_u32(&b, "channel", channel); blobmsg_add_u32(&b, "op_class", op_class); blobmsg_add_u32(&b, "beacon_interval", hapd->iconf->beacon_int); +#ifdef CONFIG_IEEE80211AX + blobmsg_add_u32(&b, "bss_color", hapd->iface->conf->he_op.he_bss_color_disabled ? -1 : + hapd->iface->conf->he_op.he_bss_color); +#else + blobmsg_add_u32(&b, "bss_color", -1); +#endif snprintf(phy_name, 17, "%s", hapd->iface->phy); blobmsg_add_string(&b, "phy", phy_name); From b72c7db2293cf728851696e6370806cc3e0fa305 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Sun, 7 Nov 2021 22:25:07 +0100 Subject: [PATCH 05/10] hostapd: fix missing HS20 support for hostapd-full commit c3a4cddaaf45 ("hostapd: remove hostapd-hs20 variant") as well as commit 9f1927173ac6 ("hostapd: wpas: add missing config symbols") indicate hostapd-full should support Hotspot 2.0 already, but only wpa_supplicant (and wpad) do. How this happened is not really clear, as no commit adding support for Hotspot 2.0 is in the history. Fix this and add Hotspot 2.0 capability to hostapd-full. Signed-off-by: David Bauer --- package/network/services/hostapd/files/hostapd-full.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config index dbc2022550..4e942a60b2 100644 --- a/package/network/services/hostapd/files/hostapd-full.config +++ b/package/network/services/hostapd/files/hostapd-full.config @@ -316,7 +316,7 @@ CONFIG_INTERNAL_LIBTOMMATH=y CONFIG_INTERWORKING=y # Hotspot 2.0 -#CONFIG_HS20=y +CONFIG_HS20=y # Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file #CONFIG_SQLITE=y From e0cc5b9b3ae65113f0e0dd9249dae4776b65c503 Mon Sep 17 00:00:00 2001 From: Christian 'Ansuel' Marangi Date: Thu, 9 Jun 2022 00:40:47 +0200 Subject: [PATCH 06/10] wolfssl: set nonshared flag global libwolfssl-benchmark should NOT be compiled as nonshared but currently there is a bug where, on buildbot stage2, the package is recompiled to build libwolfssl-benchmark and the dependency change to the new libwolfssl version. Each dependant package will now depend on the new wolfssl package instead of the one previously on stage1 that has a different package HASH. Set the nonshared PKGFLAGS global while this gets investigated and eventually fixed. Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions") Signed-off-by: Christian 'Ansuel' Marangi --- package/libs/wolfssl/Makefile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 3edd526364..7176995ec2 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -48,6 +48,15 @@ PKG_CONFIG_DEPENDS+=\ CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \ CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL +# +# libwolfssl-benchmark should NOT be compiled as nonshared but +# currently there is a bug where on buildbot stage2 the package +# is recompiled to build libwolfssl-benchmark and the dependency +# change to the new libwolfssl version. While this gets +# investigated, set the nonshared flag global +# +PKGFLAGS:=nonshared + include $(INCLUDE_DIR)/package.mk define Package/libwolfssl/Default @@ -60,7 +69,6 @@ endef define Package/libwolfssl $(call Package/libwolfssl/Default) TITLE:=wolfSSL library - PKGFLAGS:=nonshared MENU:=1 PROVIDES:=libcyassl DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user From eac1b8ab699eb3383e6d5d39b53fa9f32ee6eb60 Mon Sep 17 00:00:00 2001 From: Christian 'Ansuel' Marangi Date: Thu, 9 Jun 2022 01:35:45 +0200 Subject: [PATCH 07/10] Revert "wolfssl: set nonshared flag global" This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503. A better and correct solution was found. Signed-off-by: Christian 'Ansuel' Marangi --- package/libs/wolfssl/Makefile | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 7176995ec2..3edd526364 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -48,15 +48,6 @@ PKG_CONFIG_DEPENDS+=\ CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \ CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL -# -# libwolfssl-benchmark should NOT be compiled as nonshared but -# currently there is a bug where on buildbot stage2 the package -# is recompiled to build libwolfssl-benchmark and the dependency -# change to the new libwolfssl version. While this gets -# investigated, set the nonshared flag global -# -PKGFLAGS:=nonshared - include $(INCLUDE_DIR)/package.mk define Package/libwolfssl/Default @@ -69,6 +60,7 @@ endef define Package/libwolfssl $(call Package/libwolfssl/Default) TITLE:=wolfSSL library + PKGFLAGS:=nonshared MENU:=1 PROVIDES:=libcyassl DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user From d55f12cc7925b7d84af80015cbeb0422dd7e0b36 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Wed, 8 Jun 2022 20:30:39 -0300 Subject: [PATCH 08/10] wolfssl: make WOLFSSL_HAS_OPENVPN default to y Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build the now non-shared package, openvpn will not be selected, and WolfSSL will be built without it. Then phase2 bots have CONFIG_ALL=y, which will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This changes the version hash, causing dependency failures, as shared packages expect the phase2 hash. Fixes: #9738 Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index f495a90ff6..3d264e7743 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -53,7 +53,7 @@ config WOLFSSL_HAS_ECC25519 config WOLFSSL_HAS_OPENVPN bool "Include OpenVPN support" - default n + default y config WOLFSSL_ALT_NAMES bool "Include SAN (Subject Alternative Name) support" From ab1f3a87063b94f485bd582f32a066b80007bac9 Mon Sep 17 00:00:00 2001 From: Christian 'Ansuel' Marangi Date: Thu, 9 Jun 2022 14:13:09 +0200 Subject: [PATCH 09/10] prereq-build: add additional git detection With some OS (Guix) the git submodule command is wrapped in a script. Current logic parse the git submodule script directly. If it's wrapped the prereq check wrongly fails while 'git submodule --recursive' is actually available. Add an additional check that try to directly use the 'git submodule' command to check if the prereq is satisfied. Fixes: #9986 Reported-by: Attila Lendvai Suggested-by: Attila Lendvai Signed-off-by: Christian 'Ansuel' Marangi --- include/prereq-build.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/prereq-build.mk b/include/prereq-build.mk index e1918f0027..4a8c2b063a 100644 --- a/include/prereq-build.mk +++ b/include/prereq-build.mk @@ -177,7 +177,8 @@ $(eval $(call TestHostCommand,python3-distutils, \ $(STAGING_DIR_HOST)/bin/python3 -c 'import distutils')) $(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \ - git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule)) + git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule, \ + git submodule --help | grep -- --recursive)) $(eval $(call SetupHostCommand,file,Please install the 'file' package, \ file --version 2>&1 | grep file)) From 2a07270180ed0e295d854d6e9e59c78c40549efc Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Tue, 7 Jun 2022 13:26:43 +0200 Subject: [PATCH 10/10] octeon: add SUPPORTED_DEVICES to er/erlite Using the BOARD_NAME variable results for both er and erlite devices to identify themselfs as `er` and `erlite` (via `ubus call system board`). This is problematic when devices search for firmware upgrades since the OpenWrt profile is actually called `ubnt_edgerouter` and `ubnt_edgerouter-lite`. By adding the `SUPPORTED_DEVICE` a mapping is created to point devices called `er` or `erlite` to the corresponding profile. FIXES: https://github.com/openwrt/asu/issues/348 Signed-off-by: Paul Spooren --- target/linux/octeon/image/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/linux/octeon/image/Makefile b/target/linux/octeon/image/Makefile index f77159e1f9..23adb884f8 100644 --- a/target/linux/octeon/image/Makefile +++ b/target/linux/octeon/image/Makefile @@ -48,6 +48,7 @@ define Device/ubnt_edgerouter DEVICE_MODEL := EdgeRouter BOARD_NAME := er CMDLINE := $(ER_CMDLINE) + SUPPORTED_DEVICES += er endef TARGET_DEVICES += ubnt_edgerouter @@ -79,6 +80,7 @@ define Device/ubnt_edgerouter-lite DEVICE_MODEL := EdgeRouter Lite BOARD_NAME := erlite CMDLINE := $(ERLITE_CMDLINE) + SUPPORTED_DEVICES += erlite endef TARGET_DEVICES += ubnt_edgerouter-lite