summaryrefslogtreecommitdiff
path: root/package/network/services/hostapd
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: properly package wpa-supplicant-meshAlexis Green2016-10-311-1/+2
| | | | | | | | | Ensure that selecting the wpa-supplicant-mesh package actually packages the wpa_supplicant binary with SAE support and add missing dependency on OpenSSL. Signed-off-by: Alexis Green <alexis@cessp.it> [Jo-Philipp Wich: slightly reword commit message for clarity] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd support for VLANs through a file in addition to Radius.Petr Konecny2016-10-311-18/+25
| | | | Signed-off-by: Petr Konecny <pekon@google.com>
* network/services/hostapd: move whole files outside of patches and drop ↵Alexandru Ardelean2016-10-155-640/+631
| | | | | | | | | | Build/Prepare rule in favor of default one This more of a demo for the previous commit that comes with this one, where I added support for copying source from 'src' to the build dir(s). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* source: Switch to xz for packages and tools where possibleDaniel Engberg2016-10-061-2/+2
| | | | | | | | | | | * Change git packages to xz * Update mirror checksums in packages where they are used * Change a few source tarballs to xz if available upstream * Remove unused lines in packages we're touching, requested by jow- and blogic * We're relying more on xz-utils so add official mirror as primary source, master site as secondary. * Add SHA256 checksums to multiple git tarball packages Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* hostapd: make -mesh and -p2p variants depend on the cfg80211 symbolFelix Fietkau2016-10-051-3/+3
| | | | | | Avoids build failures when the nl80211 driver is disabled Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix regression breaking brcmfmacRafał Miłecki2016-09-134-7/+46
| | | | | | The latest update of hostapd broke brcmfmac due to upstream regression. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: update to version 2016-09-05Felix Fietkau2016-09-0823-198/+98
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix typo and indentation in ap_sta_support.patchJohannes Römer2016-09-051-2/+2
| | | | Signed-off-by: Johannes Römer <jroemer@posteo.net>
* hostapd: use printf to improve portability.Ash Benz2016-08-231-4/+4
| | | | Signed-off-by: Ash Benz <ash.benz@bk.ru>
* hostapd: Allow RADIUS accounting without 802.1xPetko Bordjukov2016-08-111-10/+9
| | | | | | | | RADIUS accounting can be used even when RADIUS authentication is not used. Move the accounting configuration outside of the EAP-exclusive sections. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
* hostapd: remove unused hostapd-common-old packageFelix Fietkau2016-08-053-606/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: remove hostap driverFelix Fietkau2016-07-316-7/+5
| | | | | | | It has been marked as broken for well over a month now and nobody has complained. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: backport mesh/ibss HT20/HT40 related fixFelix Fietkau2016-07-276-8/+69
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix an error on parsing radius_das_clientFelix Fietkau2016-07-212-1/+11
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix VLAN support in full wpad buildsFelix Fietkau2016-07-182-6/+16
| | | | | | Suppress -DCONFIG_NO_VLAN if CONFIG_IBSS_RSN is enabled Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add a WDS AP fix for reconnecting clientsFelix Fietkau2016-07-061-0/+25
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* packages: prefer http over git for git protocolHauke Mehrtens2016-06-221-1/+1
| | | | | | | | | In company networks everything except the http and https protocol is often causes problems, because the network administrators try to block everything else. To make it easier to use LEDE in company networks use the https/http protocol for git access when possible. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: fix breakage with non-nl80211 driversFelix Fietkau2016-06-152-15/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix compilation error in wext backendJo-Philipp Wich2016-06-151-0/+10
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: implement fallback for incomplete survey dataFelix Fietkau2016-06-151-0/+45
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-06-15Felix Fietkau2016-06-1523-115/+115
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: Update to version 2016-05-05Michal Hrusecky2016-06-158-103/+180
| | | | | | Fixes CVE-2016-4476 and few possible memory leaks. Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-072-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* branding: add LEDE brandingJohn Crispin2016-03-242-4/+4
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* hostapd.sh: Add support for "anonymous_identity" config fieldHauke Mehrtens2016-04-171-2/+3
| | | | | | | | | | | | | | | | | | The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49181
* hostapd: remove useless TLS provider selection override for ↵Felix Fietkau2016-01-281-2/+1
| | | | | | | | wpad-mesh/wpa_supplicant-mesh Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48537
* hostapd: fix mesh interface bridge handlingFelix Fietkau2016-01-285-10/+22
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48529
* hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issuesFelix Fietkau2016-01-282-417/+9
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48528
* hostapd: update to version 2016-01-15Felix Fietkau2016-01-2842-945/+243
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48527
* wpa_supplicant: add support for EAP-TLS phase2Felix Fietkau2016-01-191-2/+12
| | | | | | | | | Introduce config options client_cert2, priv_key2 and priv_key2_pwd used for EAP-TLS phase2 authentication in WPA-EAP client mode. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48345
* hostap/wpa_supplicant: enable EAP-FAST in -full buildsFelix Fietkau2016-01-192-0/+6
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48344
* wpa_supplicant: improve generating phase2 config line for WPA-EAPFelix Fietkau2016-01-181-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WPA-EAP supports several phase2 (=inner) authentication methods when using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first step towards the UCI model supporting EAP-FAST by this commit) The value of the auth config variable was previously expected to be directly parseable as the content of the 'phase2' option of wpa_supplicant. This exposed wpa_supplicant's internals, leaving it to view-level to set the value properly. Unfortunately, this is currently not the case, as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'. Users thus probably diverged and set auth to values like 'auth=MSCHAPV2' as a work-around. This behaviour isn't explicitely documented anywhere and is not quite intuitive... The phase2-string is now generated according to $eap_type and $auth, following the scheme also found in hostap's test-cases: http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py The old behaviour is also still supported for the sake of not breaking existing, working configurations. Examples: eap_type auth 'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2" 'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2" 'peap' 'EAP-GTC' -> phase2="auth=GTC" Deprecated syntax supported for compatibility: 'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2" I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to the list of Authentication methods available. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48309
* hostapd: fix disassociation with FullMAC drivers and multi-BSSRafał Miłecki2016-01-111-0/+67
| | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 48202
* hostapd: fix post v2.4 security issuesFelix Fietkau2016-01-1011-0/+554
| | | | | | | | | | | | | | | | | | | | | | | - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141) - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146) - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041) - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310) - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315) - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314) - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316) Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> SVN-Revision: 48185
* wpa_supplicant: set regulatory domain the same way as hostapdFelix Fietkau2016-01-031-0/+6
| | | | | | | | | | | | | In sta-only configuration, wpa_supplicant needs correct regulatory domain because otherwise it may skip channel of its AP during scan. Another alternative is to fix "iw reg set" in mac80211 netifd script. Currently it fails if some phy has private regulatory domain which matches configured one. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> SVN-Revision: 48099
* wpa-supplicant: Get 802.11s ssid information from option mesh_idJohn Crispin2015-11-241-0/+3
| | | | | | | | | | | | The scripts for authsae and iw use the option mesh_id to get set the "meshid" during a mesh join. But the script for wpad-mesh ignores the option mesh_id and instead uses the option ssid. Unify the mesh configuration and let the wpa_supplicant script also use the mesh_id from the configuration. Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47615
* hostapd: Use network_get_device instead of uci_get_stateFelix Fietkau2015-11-113-5/+13
| | | | | | | | This fixes the IAPP functionality. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com> SVN-Revision: 47455
* hostapd: add default value to eapol_version (#20641)Felix Fietkau2015-11-021-0/+1
| | | | | | | | | | | | | | r46861 introduced a new option eapol_version to hostapd, but did not provide a default value. When the option value is evaluated, the non-existing value causes errors to the systen log: "netifd: radio0: sh: out of range" Add a no-op default value 0 for eapol_version. Only values 1 or 2 are actually passed on, so 0 will not change the default action in hostapd. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 47361
* hostapd: wait longer for inactive client probe (empty data frame)Felix Fietkau2015-10-061-0/+11
| | | | | | | | | | | One second is not enough for some devices to ackowledge null data frame which is sent at the end of ap_max_inactivity interval. In particular, this causes severe Wi-Fi instability with Apple iPhone which may take up to 3 seconds to respond. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> SVN-Revision: 47149
* hostapd: check for banned client on association eventRafał Miłecki2015-09-281-0/+26
| | | | | | | | | | | When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so check for banned client in probe request handler won't ever be used. Since cfg80211 provides us info about STA associating let's put a check there. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 47064
* mac80211/hostapd: rework 802.11w driver support selection, do not hardcode ↵Felix Fietkau2015-09-142-1/+5
| | | | | | | | drivers in hostapd makefile Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 46903
* hostapd: Add eapol_version config optionFelix Fietkau2015-09-111-1/+6
| | | | | | | | | | | | | Add eapol_version to the openwrt wireless config ssid section. Only eapol_version=1 and 2 will get passed to hostapd, the default in hostapd is 2. This is only useful for really old client devices that don't accept eapol_version=2. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 46861
* hostapd: work around unconditional libopenssl build dependencyFelix Fietkau2015-09-111-1/+1
| | | | | | | | | | | As the OpenWrt build system only resolves build dependencies per directory, all hostapd variants were causing libopenssl to be downloaded and built, not only wpad-mesh. Fix this by applying the same workaround as in ustream-ssl. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> SVN-Revision: 46851
* hostapd: properly enable 802.11w supportFelix Fietkau2015-08-271-1/+1
| | | | | | | | | | | Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w support is properly compiled in full variant. This fixes #20179 Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org> SVN-Revision: 46737
* hostapd: Add vlan_file option to netifd.shJohn Crispin2015-08-171-1/+6
| | | | | | | | | | | | | Other VLAN related options are already being processed in netifd.sh but the vlan_file option is missing. This option allows the mapping of vlan IDs to network interfaces and will be used in dynamic VLAN feature for binding stations to interfaces based on VLAN assignments. The change is done similarly to the wpa_psk_file option. Signed-off-by: Gong Cheng <chengg11@yahoo.com> SVN-Revision: 46652
* buttons: make all button handler scripts return 0John Crispin2015-07-241-0/+2
| | | | | | | | this is required by the new button timeout feature Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 46471
* wpa-supplicant: add 802.11r client supportFelix Fietkau2015-07-152-2/+7
| | | | | | | | | | | | Add 802.11r client support to wpa_supplicant. It's only enabled in wpa_supplicant-full. hostapd gained 802.11r support in commit r45051. Tested on a TP-Link TL-WR710N sta psk client with two 802.11r enabled openwrt accesspoints (TP-Link TL-WDR3600). Signed-off-by: Stefan Hellermann <stefan@the2masters.de> SVN-Revision: 46377
* hostapd: move ht_coex variable to mac80211.sh, guarded by 802.11n supportFelix Fietkau2015-06-061-4/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45917
* hostapd: add a new option to control HT coexistance separate from noscanFelix Fietkau2015-06-022-6/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45873
* hostapd: fix remote denial of service vulnerability in WMM action frame parsingFelix Fietkau2015-05-061-0/+36
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45619
generated by cgit v1.1 at 2025-03-30 22:12:22 +0000