diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in
index 8f28eb2bd..c42620a44 100644
--- a/package/network/services/hostapd/Config.in
+++ b/package/network/services/hostapd/Config.in
@@ -73,11 +73,6 @@ config WPA_WOLFSSL
select WOLFSSL_HAS_SESSION_TICKET
select WOLFSSL_HAS_WPAS
-config DRIVER_WEXT_SUPPORT
- bool
- select KERNEL_WIRELESS_EXT
- default n
-
config DRIVER_11AC_SUPPORT
bool
default n
@@ -87,6 +82,10 @@ config DRIVER_11AX_SUPPORT
default n
select WPA_MBO_SUPPORT
+config DRIVER_11BE_SUPPORT
+ bool
+ default n
+
config WPA_ENABLE_WEP
bool "Enable support for unsecure and obsolete WEP"
help
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 582118c0f..46efe39bf 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -5,13 +5,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=1.2
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-07-29
-PKG_SOURCE_VERSION:=b704dc72ef824dfdd96674b90179b274d1d38105
-PKG_MIRROR_HASH:=6c9dd359ef5a4595b6576e07928566d6864957c4af6466d641d6c3f7717f4689
+PKG_SOURCE_DATE:=2023-06-22
+PKG_SOURCE_VERSION:=599d00be9de2846c6ea18c1487d8329522ade22b
+PKG_MIRROR_HASH:=828810c558ea181e45ed0c8b940f5c41e55775e2979a15aed8cf0ab17dd7723c
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
@@ -25,9 +25,9 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_hostapd-basic \
CONFIG_PACKAGE_hostapd-mini \
CONFIG_WPA_RFKILL_SUPPORT \
- CONFIG_DRIVER_WEXT_SUPPORT \
CONFIG_DRIVER_11AC_SUPPORT \
CONFIG_DRIVER_11AX_SUPPORT \
+ CONFIG_DRIVER_11BE_SUPPORT \
CONFIG_WPA_ENABLE_WEP
PKG_BUILD_FLAGS:=gc-sections lto
@@ -80,13 +80,20 @@ ifneq ($(CONFIG_DRIVER_11AX_SUPPORT),)
HOSTAPD_IEEE80211AX:=y
endif
-CORE_DEPENDS = +ucode +libubus +libucode +ucode-mod-fs +ucode-mod-nl80211 +ucode-mod-rtnl +ucode-mod-ubus +ucode-mod-uloop +libblobmsg-json
+ifneq ($(CONFIG_DRIVER_11BE_SUPPORT),)
+ HOSTAPD_IEEE80211BE:=y
+endif
+
+
+CORE_DEPENDS = +ucode +libucode \
+ +ucode-mod-fs +ucode-mod-nl80211 +ucode-mod-rtnl +ucode-mod-ubus +ucode-mod-uloop \
+ +libubus +libblobmsg-json
DRIVER_MAKEOPTS= \
CONFIG_ACS=y CONFIG_DRIVER_NL80211=y \
CONFIG_IEEE80211AC=$(HOSTAPD_IEEE80211AC) \
CONFIG_IEEE80211AX=$(HOSTAPD_IEEE80211AX) \
- CONFIG_DRIVER_WEXT=$(CONFIG_DRIVER_WEXT_SUPPORT) \
+ CONFIG_IEEE80211BE=$(HOSTAPD_IEEE80211BE) \
CONFIG_MBO=$(CONFIG_WPA_MBO_SUPPORT)
ifeq ($(SSL_VARIANT),openssl)
@@ -520,7 +527,7 @@ define Package/eapol-test/Default
SECTION:=net
SUBMENU:=WirelessAPD
CATEGORY:=Network
- DEPENDS:=$(DRV_DEPENDS) +libubus
+ DEPENDS:=$(DRV_DEPENDS) $(CORE_DEPENDS)
endef
define Package/eapol-test
@@ -585,8 +592,6 @@ TARGET_CPPFLAGS := \
-D_GNU_SOURCE \
$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
-TARGET_LDFLAGS += -lubox -lubus
-
TARGET_LDFLAGS += -lubox -lubus -lblobmsg_json -lucode -lm -lnl-tiny
ifdef CONFIG_WPA_ENABLE_WEP
@@ -672,8 +677,37 @@ define Build/Compile
$(Build/Compile/$(BUILD_VARIANT))
endef
+define Install/hostapd/full
+ $(INSTALL_DIR) $(1)/etc/init.d $(1)/etc/config $(1)/etc/radius
+ ln -sf hostapd $(1)/usr/sbin/hostapd-radius
+ $(INSTALL_BIN) ./files/radius.init $(1)/etc/init.d/radius
+ $(INSTALL_DATA) ./files/radius.config $(1)/etc/config/radius
+ $(INSTALL_DATA) ./files/radius.clients $(1)/etc/radius/clients
+ $(INSTALL_DATA) ./files/radius.users $(1)/etc/radius/users
+endef
+
+define Package/hostapd-full/conffiles
+/etc/config/radius
+/etc/radius
+endef
+
+ifeq ($(CONFIG_VARIANT),full)
+Package/wpad-mesh-openssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-mesh-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-mesh-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-openssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd-openssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
+Package/hostapd-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
+endif
+
define Install/hostapd
$(INSTALL_DIR) $(1)/usr/sbin
+ $(if $(findstring full,$(CONFIG_VARIANT)),$(Install/hostapd/full))
endef
define Install/supplicant
diff --git a/package/network/services/hostapd/README.md b/package/network/services/hostapd/README.md
new file mode 100644
index 000000000..215086330
--- /dev/null
+++ b/package/network/services/hostapd/README.md
@@ -0,0 +1,419 @@
+# UBUS methods - hostapd
+
+## bss_mgmt_enable
+Enable 802.11k/v features.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| neighbor_report | bool | no | enable 802.11k neighbor reports |
+| beacon_report | bool | no | enable 802.11k beacon reports |
+| link_measurements | bool | no | enable 802.11k link measurements |
+| bss_transition | bool | no | enable 802.11v BSS transition support |
+
+### example
+`ubus call hostapd.wl5-fb bss_mgmt_enable '{ "neighbor_report": true, "beacon_report": true, "link_measurements": true, "bss_transition": true
+}'`
+
+
+## bss_transition_request
+Initiate an 802.11v transition request.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| disassociation_imminent | bool | no | set Disassociation Imminent bit |
+| disassociation_timer | int32 | no | disassociate client if it doesn't roam after this time |
+| validity_period | int32 | no | validity of the BSS Transition Candiate List |
+| neighbors | array | no | BSS Transition Candidate List |
+| abridged | bool | no | prefer APs in the BSS Transition Candidate List |
+| dialog_token | int32 | no | identifier for the request/report transaction |
+| mbo_reason | int32 | no | MBO Transition Reason Code Attribute |
+| cell_pref | int32 | no | MBO Cellular Data Connection Preference Attribute |
+| reassoc_delay | int32 | no | MBO Re-association retry delay |
+
+### example
+`ubus call hostapd.wl5-fb bss_transition_request '{ "addr": "68:2F:67:8B:98:ED", "disassociation_imminent": false, "disassociation_timer": 0, "validity_period": 30, "neighbors": ["b6a7b9cbeebabf5900008064090603026a00"], "abridged": 1 }'`
+
+
+## config_add
+Dynamically load a BSS configuration from a file. This is used by netifd's mac80211 support script to configure BSSes on multiple PHYs in a single hostapd instance.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| iface | string | yes | WiFi interface name |
+| config | string | yes | path to hostapd config file |
+
+
+## config_remove
+Dynamically remove a BSS configuration.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| iface | string | yes | WiFi interface name |
+
+
+## del_client
+Kick a client off the network.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| reason | int32 | no | 802.11 reason code |
+| deauth | bool | no | deauthenticates client instead of disassociating |
+| ban_time | int32 | no | ban client for N milliseconds |
+
+### example
+`ubus call hostapd.wl5-fb del_client '{ "addr": "68:2f:67:8b:98:ed", "reason": 5, "deauth": true, "ban_time": 10000 }'`
+
+
+## get_clients
+Show associated clients.
+
+### example
+`ubus call hostapd.wl5-fb get_clients`
+
+### output
+```json
+{
+ "freq": 5260,
+ "clients": {
+ "68:2f:67:8b:98:ed": {
+ "auth": true,
+ "assoc": true,
+ "authorized": true,
+ "preauth": false,
+ "wds": false,
+ "wmm": true,
+ "ht": true,
+ "vht": true,
+ "he": false,
+ "wps": false,
+ "mfp": true,
+ "rrm": [
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+ ],
+ "extended_capabilities": [
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 64
+ ],
+ "aid": 3,
+ "signature": "wifi4|probe:0,1,45,127,107,191,221(0017f2,10),221(001018,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,extcap:0000008000000040|assoc:0,1,33,36,48,45,127,191,221(0017f2,10),221(001018,2),221(0050f2,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,txpow:14f9,extcap:0000000000000040",
+ "bytes": {
+ "rx": 1933667,
+ "tx": 746805
+ },
+ "airtime": {
+ "rx": 208863,
+ "tx": 9037883
+ },
+ "packets": {
+ "rx": 3587,
+ "tx": 2185
+ },
+ "rate": {
+ "rx": 866700,
+ "tx": 866700
+ },
+ "signal": -50,
+ "capabilities": {
+ "vht": {
+ "su_beamformee": true,
+ "mu_beamformee": false,
+ "mcs_map": {
+ "rx": {
+ "1ss": 9,
+ "2ss": 9,
+ "3ss": 9,
+ "4ss": -1,
+ "5ss": -1,
+ "6ss": -1,
+ "7ss": -1,
+ "8ss": -1
+ },
+ "tx": {
+ "1ss": 9,
+ "2ss": 9,
+ "3ss": 9,
+ "4ss": -1,
+ "5ss": -1,
+ "6ss": -1,
+ "7ss": -1,
+ "8ss": -1
+ }
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+
+## get_features
+Show HT/VHT support.
+
+### example
+`ubus call hostapd.wl5-fb get_features`
+
+### output
+```json
+{
+ "ht_supported": true,
+ "vht_supported": true
+}
+```
+
+
+## get_status
+Get BSS status.
+
+### example
+`ubus call hostapd.wl5-fb get_status`
+
+### output
+```json
+{
+ "status": "ENABLED",
+ "bssid": "b6:a7:b9:cb:ee:bc",
+ "ssid": "fb",
+ "freq": 5260,
+ "channel": 52,
+ "op_class": 128,
+ "beacon_interval": 100,
+ "phy": "wl5-lan",
+ "rrm": {
+ "neighbor_report_tx": 0
+ },
+ "wnm": {
+ "bss_transition_query_rx": 0,
+ "bss_transition_request_tx": 0,
+ "bss_transition_response_rx": 0
+ },
+ "airtime": {
+ "time": 259561738,
+ "time_busy": 2844249,
+ "utilization": 0
+ },
+ "dfs": {
+ "cac_seconds": 60,
+ "cac_active": false,
+ "cac_seconds_left": 0
+ }
+}
+```
+
+
+## link_measurement_req
+Initiate an 802.11k Link Measurement Request.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| tx-power-used | int32 | no | transmit power used to transmit the Link Measurement Request frame |
+| tx-power-max | int32 | no | upper limit of transmit power to be used by the client |
+
+
+## list_bans
+List banned clients.
+
+### example
+`ubus call hostapd.wl5-fb list_bans`
+
+### output
+```json
+{
+ "clients": [
+ "68:2f:67:8b:98:ed"
+ ]
+}
+```
+
+
+## notify_response
+When enabled, hostapd will send a ubus notification and wait for a response before responding to various requests. This is used by e.g. usteer to make it possible to ignore probe requests.
+
+:warning: enabling this will cause hostapd to stop responding to probe requests unless a ubus subscriber responds to the ubus notifications.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| notify_response | int32 | yes | disable (0) or enable (!0) |
+
+### example
+`ubus call hostapd.wl5-fb notify_response '{ "notify_response": 1 }'`
+
+## reload
+Reload BSS configuration.
+
+:warning: this can cause problems for certain configurations:
+
+```
+Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
+Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
+Mon May 16 16:09:08 2022 daemon.err hostapd: Wrong coupling between HT and VHT/HE channel setting
+```
+
+### example
+`ubus call hostapd.wl5-fb reload`
+
+
+## rrm_beacon_req
+Send a Beacon Measurement Request to a client.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| addr | string | yes | client MAC address |
+| op_class | int32 | yes | the Regulatory Class for which this Measurement Request applies |
+| channel | int32 | yes | channel to measure |
+| duration | int32 | yes | compile Beacon Measurement Report after N TU |
+| mode | int32 | yes | mode to be used for measurement (0: passive, 1: active, 2: beacon table) |
+| bssid | string | no | filter BSSes in Beacon Measurement Report by BSSID |
+| ssid | string | no | filter BSSes in Beacon Measurement Report by SSID|
+
+
+## rrm_nr_get_own
+Show Neighbor Report Element for this BSS.
+
+### example
+`ubus call hostapd.wl5-fb rrm_nr_get_own`
+
+### output
+```json
+{
+ "value": [
+ "b6:a7:b9:cb:ee:bc",
+ "fb",
+ "b6a7b9cbeebcaf5900008095090603029b00"
+ ]
+}
+```
+
+
+## rrm_nr_list
+Show Neighbor Report Elements for other BSSes in this ESS.
+
+### example
+`ubus call hostapd.wl5-fb rrm_nr_list`
+
+### output
+```json
+{
+ "list": [
+ [
+ "b6:a7:b9:cb:ee:ba",
+ "fb",
+ "b6a7b9cbeebabf5900008064090603026a00"
+ ]
+ ]
+}
+```
+
+## rrm_nr_set
+Set the Neighbor Report Elements. An element for the node on which this command is executed will always be added.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| list | array | yes | array of Neighbor Report Elements in the format of the rrm_nr_list output |
+
+### example
+`ubus call hostapd.wl5-fb rrm_nr_set '{ "list": [ [ "b6:a7:b9:cb:ee:ba", "fb", "b6a7b9cbeebabf5900008064090603026a00" ] ] }'`
+
+
+## set_vendor_elements
+Configure Vendor-specific Information Elements for BSS.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| vendor_elements | string | yes | Vendor-specific Information Elements as hex string |
+
+### example
+`ubus call hostapd.wl5-fb set_vendor_elements '{ "vendor_elements": "dd054857dd6662" }'`
+
+
+## switch_chan
+Initiate a channel switch.
+
+:warning: trying to switch to the channel that is currently in use will fail: `Command failed: Operation not supported`
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| freq | int32 | yes | frequency in MHz to switch to |
+| bcn_count | int32 | no | count in Beacon frames (TBTT) to perform the switch |
+| center_freq1 | int32 | no | segment 0 center frequency in MHz (valid for HT and VHT) |
+| center_freq2 | int32 | no | segment 1 center frequency in MHz (valid only for 80 MHz channel width and an 80+80 channel) |
+| bandwidth | int32 | no | channel width to use |
+| sec_channel_offset| int32 | no | secondary channel offset for HT40 (0 = disabled, 1 = HT40+, -1 = HT40-) |
+| ht | bool | no | enable 802.11n |
+| vht | bool | no | enable 802.11ac |
+| he | bool | no | enable 802.11ax |
+| block_tx | bool | no | block transmission during CSA period |
+| csa_force | bool | no | restart the interface in case the CSA fails |
+
+## example
+`ubus call hostapd.wl5-fb switch_chan '{ "freq": 5180, "bcn_count": 10, "center_freq1": 5210, "bandwidth": 80, "he": 1, "block_tx": 1, "csa_force": 0 }'`
+
+
+## update_airtime
+Set dynamic airtime weight for client.
+
+### arguments
+| Name | Type | Required | Description |
+|---|---|---|---|
+| sta | string | yes | client MAC address |
+| weight | int32 | yes | airtime weight |
+
+
+## update_beacon
+Force beacon frame content to be updated and to start beaconing on an interface that uses start_disabled=1.
+
+### example
+`ubus call hostapd.wl5-fb update_beacon`
+
+
+## wps_status
+Get WPS status for BSS.
+
+### example
+`ubus call hostapd.wl5-fb wps_status`
+
+### output
+```json
+{
+ "pbc_status": "Disabled",
+ "last_wps_result": "None"
+}
+```
+
+
+## wps_cancel
+Cancel WPS Push Button Configuration.
+
+### example
+`ubus call hostapd.wl5-fb wps_cancel`
+
+
+## wps_start
+Start WPS Push Button Configuration.
+
+### example
+`ubus call hostapd.wl5-fb wps_start`
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index a714356e0..570af2c0b 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -122,6 +122,7 @@ hostapd_common_add_device_config() {
config_add_array hostapd_options
config_add_int airtime_mode
+ config_add_int mbssid
hostapd_add_log_config
}
@@ -135,7 +136,7 @@ hostapd_prepare_device_config() {
json_get_vars country country3 country_ie beacon_int:100 doth require_mode legacy_rates \
acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc \
- vendor_vht
+ vendor_vht mbssid:0
hostapd_set_log_options base_cfg
@@ -237,6 +238,7 @@ hostapd_prepare_device_config() {
[ -n "$rts_threshold" ] && append base_cfg "rts_threshold=$rts_threshold" "$N"
[ "$airtime_mode" -gt 0 ] && append base_cfg "airtime_mode=$airtime_mode" "$N"
[ -n "$maxassoc" ] && append base_cfg "iface_max_num_sta=$maxassoc" "$N"
+ [ "$mbssid" -gt 0 ] && [ "$mbssid" -le 2 ] && append base_cfg "mbssid=$mbssid" "$N"
json_get_values opts hostapd_options
for val in $opts; do
diff --git a/package/network/services/hostapd/files/radius.clients b/package/network/services/hostapd/files/radius.clients
new file mode 100644
index 000000000..3175dcfd0
--- /dev/null
+++ b/package/network/services/hostapd/files/radius.clients
@@ -0,0 +1 @@
+0.0.0.0/0 radius
diff --git a/package/network/services/hostapd/files/radius.config b/package/network/services/hostapd/files/radius.config
new file mode 100644
index 000000000..ad8730748
--- /dev/null
+++ b/package/network/services/hostapd/files/radius.config
@@ -0,0 +1,9 @@
+config radius
+ option disabled '1'
+ option ca_cert '/etc/radius/ca.pem'
+ option cert '/etc/radius/cert.pem'
+ option key '/etc/radius/key.pem'
+ option users '/etc/radius/users'
+ option clients '/etc/radius/clients'
+ option auth_port '1812'
+ option acct_port '1813'
diff --git a/package/network/services/hostapd/files/radius.init b/package/network/services/hostapd/files/radius.init
new file mode 100644
index 000000000..4c562c247
--- /dev/null
+++ b/package/network/services/hostapd/files/radius.init
@@ -0,0 +1,42 @@
+#!/bin/sh /etc/rc.common
+
+START=30
+
+USE_PROCD=1
+NAME=radius
+
+radius_start() {
+ local cfg="$1"
+
+ config_get_bool disabled "$cfg" disabled 0
+
+ [ "$disabled" -gt 0 ] && return
+
+ config_get ca "$cfg" ca_cert
+ config_get key "$cfg" key
+ config_get cert "$cfg" cert
+ config_get users "$cfg" users
+ config_get clients "$cfg" clients
+ config_get auth_port "$cfg" auth_port 1812
+ config_get acct_port "$cfg" acct_port 1813
+ config_get identity "$cfg" identity "$(cat /proc/sys/kernel/hostname)"
+
+ procd_open_instance $cfg
+ procd_set_param command /usr/sbin/hostapd-radius \
+ -C "$ca" \
+ -c "$cert" -k "$key" \
+ -s "$clients" -u "$users" \
+ -p "$auth_port" -P "$acct_port" \
+ -i "$identity"
+ procd_close_instance
+}
+
+start_service() {
+ config_load radius
+ config_foreach radius_start radius
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "radius"
+}
diff --git a/package/network/services/hostapd/files/radius.users b/package/network/services/hostapd/files/radius.users
new file mode 100644
index 000000000..03e2fc8fa
--- /dev/null
+++ b/package/network/services/hostapd/files/radius.users
@@ -0,0 +1,14 @@
+{
+ "phase1": {
+ "wildcard": [
+ {
+ "name": "*",
+ "methods": [ "PEAP" ]
+ }
+ ]
+ },
+ "phase2": {
+ "users": {
+ }
+ }
+}
diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config
index 6abd8e233..944b4d928 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-basic.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config
@@ -26,7 +26,7 @@
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
-CONFIG_DRIVER_WEXT=y
+#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
index d24fbbb01..b39dabca0 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -26,7 +26,7 @@
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
-CONFIG_DRIVER_WEXT=y
+#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config
index 9eb1111e5..2a3f8fb69 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-mini.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config
@@ -26,7 +26,7 @@
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
-CONFIG_DRIVER_WEXT=y
+#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config
index 0dcc88e64..7f5140622 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config
@@ -26,7 +26,7 @@
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
-CONFIG_DRIVER_WEXT=y
+#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
diff --git a/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch b/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
index 6bc48abfb..0a51c84d2 100644
--- a/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
+++ b/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
@@ -14,7 +14,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2436,7 +2436,7 @@ static int drv_supports_vht(struct wpa_s
+@@ -2638,7 +2638,7 @@ static int drv_supports_vht(struct wpa_s
}
@@ -23,7 +23,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
{
int i;
-@@ -2445,7 +2445,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+@@ -2647,7 +2647,10 @@ static bool ibss_mesh_is_80mhz_avail(int
chan = hw_get_channel_chan(mode, i, NULL);
if (!chan ||
@@ -35,16 +35,16 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
return false;
}
-@@ -2474,6 +2477,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
- int chwidth, seg0, seg1;
- u32 vht_caps = 0;
- bool is_24ghz, is_6ghz;
-+ bool dfs_enabled = wpa_s->conf->country[0] &&
-+ (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
-
- freq->freq = ssid->frequency;
-
-@@ -2570,8 +2575,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2774,7 +2777,7 @@ static void ibss_mesh_select_40mhz(struc
+ const struct wpa_ssid *ssid,
+ struct hostapd_hw_modes *mode,
+ struct hostapd_freq_params *freq,
+- int obss_scan) {
++ int obss_scan, bool dfs_enabled) {
+ int chan_idx;
+ struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
+ int i, res;
+@@ -2798,8 +2801,11 @@ static void ibss_mesh_select_40mhz(struc
return;
/* Check primary channel flags */
@@ -55,9 +55,9 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
+ if (!dfs_enabled)
+ return;
- freq->channel = pri_chan->chan;
-
-@@ -2604,8 +2612,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ #ifdef CONFIG_HT_OVERRIDES
+ if (ssid->disable_ht40)
+@@ -2825,8 +2831,11 @@ static void ibss_mesh_select_40mhz(struc
return;
/* Check secondary channel flags */
@@ -70,25 +70,34 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
if (ht40 == -1) {
if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2694,7 +2705,7 @@ skip_to_6ghz:
- return;
+@@ -2880,7 +2889,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ const struct wpa_ssid *ssid,
+ struct hostapd_hw_modes *mode,
+ struct hostapd_freq_params *freq,
+- int ieee80211_mode, bool is_6ghz) {
++ int ieee80211_mode, bool is_6ghz, bool dfs_enabled) {
+ static const int bw80[] = {
+ 5180, 5260, 5500, 5580, 5660, 5745, 5825,
+ 5955, 6035, 6115, 6195, 6275, 6355, 6435,
+@@ -2925,7 +2934,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ goto skip_80mhz;
- /* Back to HT configuration if channel not usable */
+ /* Use 40 MHz if channel not usable */
- if (!ibss_mesh_is_80mhz_avail(channel, mode))
+ if (!ibss_mesh_is_80mhz_avail(channel, mode, dfs_enabled))
- return;
+ goto skip_80mhz;
chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -2708,7 +2719,7 @@ skip_to_6ghz:
- * above; check the remaining four 20 MHz channels for the total
- * of 160 MHz bandwidth.
- */
-- if (!ibss_mesh_is_80mhz_avail(channel + 16, mode))
-+ if (!ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled))
- return;
-
+@@ -2939,7 +2948,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ if ((mode->he_capab[ieee80211_mode].phy_cap[
+ HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
+- ibss_mesh_is_80mhz_avail(channel + 16, mode)) {
++ ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled)) {
for (j = 0; j < ARRAY_SIZE(bw160); j++) {
-@@ -2738,10 +2749,12 @@ skip_to_6ghz:
+ if (freq->freq == bw160[j]) {
+ chwidth = CONF_OPER_CHWIDTH_160MHZ;
+@@ -2967,10 +2976,12 @@ static bool ibss_mesh_select_80_160mhz(s
if (!chan)
continue;
@@ -104,3 +113,23 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
/* Found a suitable second segment for 80+80 */
chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
+@@ -3025,6 +3036,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ int i, obss_scan = 1;
+ u8 channel;
+ bool is_6ghz;
++ bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
+
+ freq->freq = ssid->frequency;
+
+@@ -3070,9 +3082,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ freq->channel = channel;
+ /* Setup higher BW only for 5 GHz */
+ if (mode->mode == HOSTAPD_MODE_IEEE80211A) {
+- ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan);
++ ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan, dfs_enabled);
+ if (!ibss_mesh_select_80_160mhz(wpa_s, ssid, mode, freq,
+- ieee80211_mode, is_6ghz))
++ ieee80211_mode, is_6ghz, dfs_enabled))
+ freq->he_enabled = freq->vht_enabled = false;
+ }
+
diff --git a/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch b/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch
index 32a447914..9b11f0e80 100644
--- a/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch
+++ b/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch
@@ -29,7 +29,7 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
enum dfs_channel_type {
-@@ -515,9 +516,14 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -521,9 +522,14 @@ dfs_get_valid_channel(struct hostapd_ifa
int num_available_chandefs;
int chan_idx, chan_idx2;
int sec_chan_idx_80p80 = -1;
@@ -44,7 +44,7 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
*secondary_channel = 0;
*oper_centr_freq_seg0_idx = 0;
-@@ -537,8 +543,20 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -543,8 +549,20 @@ dfs_get_valid_channel(struct hostapd_ifa
if (num_available_chandefs == 0)
return NULL;
@@ -68,7 +68,7 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
if (!chan) {
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -9948,6 +9948,10 @@ static int nl80211_switch_channel(void *
+@@ -10977,6 +10977,10 @@ static int nl80211_switch_channel(void *
if (ret)
goto error;
diff --git a/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch b/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch
index 80b23bdfc..4ee43b518 100644
--- a/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch
+++ b/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch
@@ -1,6 +1,6 @@
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -4963,6 +4963,13 @@ static int add_associated_sta(struct hos
+@@ -4601,6 +4601,13 @@ static int add_associated_sta(struct hos
* drivers to accept the STA parameter configuration. Since this is
* after a new FT-over-DS exchange, a new TK has been derived, so key
* reinstallation is not a concern for this case.
@@ -14,7 +14,7 @@
*/
wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
" (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -4976,7 +4983,8 @@ static int add_associated_sta(struct hos
+@@ -4614,7 +4621,8 @@ static int add_associated_sta(struct hos
(!(sta->flags & WLAN_STA_AUTHORIZED) ||
(reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
(!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
diff --git a/package/network/services/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch b/package/network/services/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch
index 25801da33..8dec325c9 100644
--- a/package/network/services/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch
+++ b/package/network/services/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch
@@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -3453,7 +3453,7 @@ static int hostapd_change_config_freq(st
+@@ -3764,7 +3764,7 @@ static int hostapd_change_config_freq(st
struct hostapd_freq_params *old_params)
{
int channel;
diff --git a/package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch b/package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
index 988fbbc6f..19248e80d 100644
--- a/package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
+++ b/package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
@@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#include <linux/rtnetlink.h>
#include <netpacket/packet.h>
#include <linux/errqueue.h>
-@@ -5344,26 +5341,29 @@ fail:
+@@ -5783,26 +5780,29 @@ fail:
static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
{
@@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (err < 0) {
wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
-@@ -5373,9 +5373,8 @@ static void rtnl_neigh_delete_fdb_entry(
+@@ -5812,9 +5812,8 @@ static void rtnl_neigh_delete_fdb_entry(
MACSTR, MAC2STR(addr));
}
@@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
-@@ -7763,7 +7762,6 @@ static void *i802_init(struct hostapd_da
+@@ -8492,7 +8491,6 @@ static void *i802_init(struct hostapd_da
(params->num_bridge == 0 || !params->bridge[0]))
add_ifidx(drv, br_ifindex, drv->ifindex);
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (bss->added_if_into_bridge || bss->already_in_bridge) {
int err;
-@@ -7780,7 +7778,6 @@ static void *i802_init(struct hostapd_da
+@@ -8509,7 +8507,6 @@ static void *i802_init(struct hostapd_da
goto failed;
}
}
@@ -92,7 +92,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
wpa_printf(MSG_DEBUG,
-@@ -10813,13 +10810,14 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -11843,13 +11840,14 @@ static int wpa_driver_br_add_ip_neigh(vo
const u8 *ipaddr, int prefixlen,
const u8 *addr)
{
@@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
int res;
if (!ipaddr || prefixlen == 0 || !addr)
-@@ -10838,85 +10836,66 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -11868,85 +11866,66 @@ static int wpa_driver_br_add_ip_neigh(vo
}
if (version == 4) {
@@ -220,7 +220,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
addrsize = 16;
} else {
return -EINVAL;
-@@ -10934,41 +10913,30 @@ static int wpa_driver_br_delete_ip_neigh
+@@ -11964,41 +11943,30 @@ static int wpa_driver_br_delete_ip_neigh
return -1;
}
diff --git a/package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch b/package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
index 6b34cd435..f98d3806d 100644
--- a/package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
+++ b/package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
@@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -3781,15 +3781,6 @@ static void handle_auth(struct hostapd_d
+@@ -3012,15 +3012,6 @@ static void handle_auth(struct hostapd_d
seq_ctrl);
return;
}
@@ -25,7 +25,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
- sta->plink_state == PLINK_BLOCKED) {
- wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
- " is blocked - drop Authentication frame",
-- MAC2STR(mgmt->sa));
+- MAC2STR(sa));
- return;
- }
-#endif /* CONFIG_MESH */
diff --git a/package/network/services/hostapd/patches/050-build_fix.patch b/package/network/services/hostapd/patches/050-build_fix.patch
index c9268f59e..8680b07c6 100644
--- a/package/network/services/hostapd/patches/050-build_fix.patch
+++ b/package/network/services/hostapd/patches/050-build_fix.patch
@@ -10,7 +10,7 @@
CFLAGS += -DCONFIG_FILS_SK_PFS
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -320,6 +320,7 @@ endif
+@@ -331,6 +331,7 @@ endif
ifdef CONFIG_FILS
CFLAGS += -DCONFIG_FILS
NEED_SHA384=y
diff --git a/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch b/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch
index 01af14b71..22107944d 100644
--- a/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch
+++ b/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch
@@ -273,7 +273,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef CONFIG_RADIUS_SERVER
CFLAGS += -DRADIUS_SERVER
-@@ -1327,7 +1412,9 @@ NOBJS += ../src/utils/trace.o
+@@ -1329,7 +1414,9 @@ NOBJS += ../src/utils/trace.o
endif
HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
@@ -283,7 +283,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef CONFIG_INTERNAL_AES
HOBJS += ../src/crypto/aes-internal.o
HOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1350,13 +1437,17 @@ SOBJS += ../src/common/sae.o
+@@ -1352,13 +1439,17 @@ SOBJS += ../src/common/sae.o
SOBJS += ../src/common/sae_pk.o
SOBJS += ../src/common/dragonfly.o
SOBJS += $(AESOBJS)
@@ -7765,7 +7765,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
CONFIG_SIM_SIMULATOR=y
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1149,6 +1149,29 @@ endif
+@@ -1163,6 +1163,29 @@ endif
CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
endif
@@ -7795,7 +7795,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifeq ($(CONFIG_TLS), gnutls)
ifndef CONFIG_CRYPTO
# default to libgcrypt
-@@ -1341,9 +1364,11 @@ endif
+@@ -1355,9 +1378,11 @@ endif
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
@@ -7807,7 +7807,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
# Seems to be needed at least with BoringSSL
NEED_INTERNAL_AES_WRAP=y
-@@ -1357,9 +1382,11 @@ endif
+@@ -1371,9 +1396,11 @@ endif
ifdef NEED_INTERNAL_AES_WRAP
ifneq ($(CONFIG_TLS), linux)
@@ -7819,7 +7819,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef NEED_AES_EAX
AESOBJS += ../src/crypto/aes-eax.o
NEED_AES_CTR=y
-@@ -1369,35 +1396,45 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -1383,35 +1410,45 @@ AESOBJS += ../src/crypto/aes-siv.o
NEED_AES_CTR=y
endif
ifdef NEED_AES_CTR
@@ -7865,7 +7865,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef NEED_AES_ENC
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1412,12 +1449,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1426,12 +1463,16 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
@@ -7882,7 +7882,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef CONFIG_INTERNAL_SHA1
SHA1OBJS += ../src/crypto/sha1-internal.o
ifdef NEED_FIPS186_2_PRF
-@@ -1429,29 +1470,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
+@@ -1443,29 +1484,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
else
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
@@ -7920,7 +7920,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef NEED_MD5
ifdef CONFIG_INTERNAL_MD5
MD5OBJS += ../src/crypto/md5-internal.o
-@@ -1506,12 +1555,17 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1520,12 +1569,17 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
@@ -7938,7 +7938,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef CONFIG_INTERNAL_SHA256
SHA256OBJS += ../src/crypto/sha256-internal.o
endif
-@@ -1524,50 +1578,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
+@@ -1538,50 +1592,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
SHA256OBJS += ../src/crypto/sha512-internal.o
endif
ifdef NEED_TLS_PRF_SHA256
@@ -8007,7 +8007,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef NEED_ASN1
OBJS += ../src/tls/asn1.o
-@@ -1742,10 +1814,12 @@ ifdef CONFIG_FIPS
+@@ -1756,10 +1828,12 @@ ifdef CONFIG_FIPS
CFLAGS += -DCONFIG_FIPS
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
diff --git a/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch b/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch
index a0d287086..a48725264 100644
--- a/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch
+++ b/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch
@@ -101,7 +101,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1160,10 +1160,6 @@ endif
+@@ -1174,10 +1174,6 @@ endif
OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
diff --git a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
index 9e9e88c1e..148c268f9 100644
--- a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
+++ b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
@@ -727,7 +727,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
def check_ec_support(dev):
tls = dev.request("GET tls_library")
-@@ -1625,7 +1668,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
+@@ -1595,7 +1638,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
eap_connect(dev[0], hapd, "TTLS", "pap user",
anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
@@ -736,7 +736,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
altsubject_match="EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/")
eap_reauth(dev[0], "TTLS")
-@@ -2860,6 +2903,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
+@@ -2830,6 +2873,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev):
"""WPA2-Enterprise negative test - subject mismatch"""
@@ -744,7 +744,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0], params)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-@@ -2920,6 +2964,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
+@@ -2890,6 +2934,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev):
"""WPA2-Enterprise negative test - altsubject mismatch"""
@@ -752,7 +752,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0], params)
-@@ -3460,7 +3505,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
+@@ -3430,7 +3475,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
dev[0].request("REMOVE_NETWORK all")
tls = dev[0].request("GET tls_library")
@@ -761,7 +761,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
tests = [(1, "os_get_random;dh_init")]
else:
tests = [(1, "crypto_dh_init;dh_init")]
-@@ -4774,7 +4819,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4744,7 +4789,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
params["private_key"] = "auth_serv/iCA-server/server.key"
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -770,7 +770,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -4840,6 +4885,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4810,6 +4855,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1")
def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
@@ -778,7 +778,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = int_eap_server_params()
params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
params["server_cert"] = "auth_serv/iCA-server/server.pem"
-@@ -4849,7 +4895,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -4819,7 +4865,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
try:
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -787,7 +787,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -4885,7 +4931,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -4855,7 +4901,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
try:
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -796,7 +796,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -4935,7 +4981,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4905,7 +4951,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
try:
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -805,7 +805,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -5002,7 +5048,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4972,7 +5018,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
hostapd.add_ap(apdev[0], params)
tls = dev[0].request("GET tls_library")
@@ -814,7 +814,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
client_cert = "auth_serv/iCA-user/user_and_ica.pem"
else:
-@@ -5260,6 +5306,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
+@@ -5230,6 +5276,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and server PKCS#12 file"""
@@ -822,7 +822,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
skip_with_fips(dev[0])
params = int_eap_server_params()
del params["server_cert"]
-@@ -5272,6 +5319,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
+@@ -5242,6 +5289,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev):
"""EAP-TTLS and server PKCS#12 file with extra certs"""
@@ -830,7 +830,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
skip_with_fips(dev[0])
params = int_eap_server_params()
del params["server_cert"]
-@@ -5294,6 +5342,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
+@@ -5264,6 +5312,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
@@ -838,7 +838,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = int_eap_server_params()
params["dh_file"] = "auth_serv/dsaparam.pem"
hapd = hostapd.add_ap(apdev[0], params)
-@@ -5605,8 +5654,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
+@@ -5575,8 +5624,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
def test_openssl_cipher_suite_config_wpas(dev, apdev):
"""OpenSSL cipher suite configuration on wpa_supplicant"""
tls = dev[0].request("GET tls_library")
@@ -849,7 +849,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hapd = hostapd.add_ap(apdev[0], params)
eap_connect(dev[0], hapd, "TTLS", "pap user",
-@@ -5632,14 +5681,14 @@ def test_openssl_cipher_suite_config_wpa
+@@ -5602,14 +5651,14 @@ def test_openssl_cipher_suite_config_wpa
def test_openssl_cipher_suite_config_hapd(dev, apdev):
"""OpenSSL cipher suite configuration on hostapd"""
tls = dev[0].request("GET tls_library")
@@ -868,7 +868,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
eap_connect(dev[0], hapd, "TTLS", "pap user",
anonymous_identity="ttls", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-@@ -6081,13 +6130,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
+@@ -6051,13 +6100,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
check_tls_ver(dev[0], hapd,
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1",
"TLSv1.2")
@@ -891,7 +891,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
check_tls_ver(dev[0], hapd,
"tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
-@@ -6109,6 +6162,11 @@ def test_ap_wpa2_eap_tls_versions_server
+@@ -6079,6 +6132,11 @@ def test_ap_wpa2_eap_tls_versions_server
tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
@@ -903,7 +903,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
for exp, flags in tests:
hapd.disable()
hapd.set("tls_flags", flags)
-@@ -7145,6 +7203,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
+@@ -7115,6 +7173,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
def test_eap_tls_ext_cert_check(dev, apdev):
"""EAP-TLS and external server certification validation"""
# With internal server certificate chain validation
@@ -911,7 +911,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
identity="tls user",
ca_cert="auth_serv/ca.pem",
-@@ -7157,6 +7216,7 @@ def test_eap_tls_ext_cert_check(dev, apd
+@@ -7127,6 +7186,7 @@ def test_eap_tls_ext_cert_check(dev, apd
def test_eap_ttls_ext_cert_check(dev, apdev):
"""EAP-TTLS and external server certification validation"""
# Without internal server certificate chain validation
@@ -919,7 +919,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="pap user", anonymous_identity="ttls",
password="password", phase2="auth=PAP",
-@@ -7167,6 +7227,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
+@@ -7137,6 +7197,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
def test_eap_peap_ext_cert_check(dev, apdev):
"""EAP-PEAP and external server certification validation"""
# With internal server certificate chain validation
@@ -927,7 +927,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
identity="user", anonymous_identity="peap",
ca_cert="auth_serv/ca.pem",
-@@ -7177,6 +7238,7 @@ def test_eap_peap_ext_cert_check(dev, ap
+@@ -7147,6 +7208,7 @@ def test_eap_peap_ext_cert_check(dev, ap
def test_eap_fast_ext_cert_check(dev, apdev):
"""EAP-FAST and external server certification validation"""
@@ -935,7 +935,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
check_eap_capa(dev[0], "FAST")
# With internal server certificate chain validation
dev[0].request("SET blob fast_pac_auth_ext ")
-@@ -7191,10 +7253,6 @@ def test_eap_fast_ext_cert_check(dev, ap
+@@ -7161,10 +7223,6 @@ def test_eap_fast_ext_cert_check(dev, ap
run_ext_cert_check(dev, apdev, id)
def run_ext_cert_check(dev, apdev, net_id):
@@ -948,7 +948,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
-@@ -2347,11 +2347,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
+@@ -2471,11 +2471,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
# This will fail to roam
dev[0].roam(bssid1, check_bssid=False)
@@ -992,7 +992,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
capa = dev.request("GET_CAPABILITY dpp")
ver = 1
-@@ -3621,6 +3622,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
+@@ -3892,6 +3893,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
"""DPP protocol testing - invalid I-proto key in Auth Req"""
@@ -1002,7 +1002,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
-@@ -3716,7 +3720,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
+@@ -3987,7 +3991,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
"""DPP protocol testing - invalid R-Proto Key in Auth Resp"""
@@ -1016,7 +1016,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
"""DPP protocol testing - no R-nonce in Auth Resp"""
-@@ -4078,11 +4087,17 @@ def test_dpp_proto_pkex_exchange_resp_in
+@@ -4349,11 +4358,17 @@ def test_dpp_proto_pkex_exchange_resp_in
def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
"""DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
@@ -1106,7 +1106,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
raise HwsimSkip("EC group not supported")
--- a/tests/hwsim/test_pmksa_cache.py
+++ b/tests/hwsim/test_pmksa_cache.py
-@@ -954,7 +954,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -955,7 +955,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
eap_connect(dev[0], hapd, "PAX", "pax.user@example.com",
password_hex="0123456789abcdef0123456789abcdef",
bssid=apdev[0]['bssid'])
@@ -1115,7 +1115,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
with alloc_fail(dev[0], i, "rsn_preauth_init"):
res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip()
logger.info("Iteration %d - PREAUTH command results: %s" % (i, res))
-@@ -962,7 +962,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -963,7 +963,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
state = dev[0].request('GET_ALLOC_FAIL')
if state.startswith('0:'):
break
@@ -1138,7 +1138,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
heavy_groups = [14, 15, 16]
suitable_groups = [15, 16, 17, 18, 19, 20, 21]
groups = [str(g) for g in sae_groups]
-@@ -2122,6 +2127,8 @@ def run_sae_pwe_group(dev, apdev, group)
+@@ -2188,6 +2193,8 @@ def run_sae_pwe_group(dev, apdev, group)
logger.info("Add Brainpool EC groups since OpenSSL is new enough")
elif tls.startswith("wolfSSL"):
logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL")
@@ -1149,7 +1149,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
start_sae_pwe_ap(apdev[0], group, 2)
--- a/tests/hwsim/test_suite_b.py
+++ b/tests/hwsim/test_suite_b.py
-@@ -26,6 +26,8 @@ def check_suite_b_tls_lib(dev, dhe=False
+@@ -27,6 +27,8 @@ def check_suite_b_tls_lib(dev, dhe=False
return
if tls.startswith("wolfSSL"):
return
@@ -1158,7 +1158,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
if not tls.startswith("OpenSSL"):
raise HwsimSkip("TLS library not supported for Suite B: " + tls)
supported = False
-@@ -499,6 +501,7 @@ def test_suite_b_192_rsa_insufficient_dh
+@@ -520,6 +522,7 @@ def test_suite_b_192_rsa_insufficient_dh
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
@@ -1168,7 +1168,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ca_cert="auth_serv/rsa3072-ca.pem",
--- a/tests/hwsim/test_wpas_ctrl.py
+++ b/tests/hwsim/test_wpas_ctrl.py
-@@ -1834,7 +1834,7 @@ def _test_wpas_ctrl_oom(dev):
+@@ -1842,7 +1842,7 @@ def _test_wpas_ctrl_oom(dev):
tls = dev[0].request("GET tls_library")
if not tls.startswith("internal"):
tests.append(('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', 'FAIL',
@@ -1179,7 +1179,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
res = dev[0].request(cmd)
--- a/tests/hwsim/utils.py
+++ b/tests/hwsim/utils.py
-@@ -135,7 +135,13 @@ def check_fils_sk_pfs_capa(dev):
+@@ -141,7 +141,13 @@ def check_imsi_privacy_support(dev):
def check_tls_tod(dev):
tls = dev.request("GET tls_library")
@@ -1308,7 +1308,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
if (need_more_data) {
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1108,6 +1108,7 @@ CFLAGS += -DCONFIG_TLSV12
+@@ -1122,6 +1122,7 @@ CFLAGS += -DCONFIG_TLSV12
endif
ifeq ($(CONFIG_TLS), wolfssl)
@@ -1316,7 +1316,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifdef TLS_FUNCS
CFLAGS += -DWOLFSSL_DER_LOAD
OBJS += ../src/crypto/tls_wolfssl.o
-@@ -1123,6 +1124,7 @@ LIBS_p += -lwolfssl -lm
+@@ -1137,6 +1138,7 @@ LIBS_p += -lwolfssl -lm
endif
ifeq ($(CONFIG_TLS), openssl)
@@ -1324,7 +1324,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
ifdef TLS_FUNCS
CFLAGS += -DEAP_TLS_OPENSSL
-@@ -1150,6 +1152,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
+@@ -1164,6 +1166,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
endif
ifeq ($(CONFIG_TLS), mbedtls)
@@ -1332,7 +1332,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=mbedtls
endif
-@@ -1169,6 +1172,7 @@ endif
+@@ -1183,6 +1186,7 @@ endif
endif
ifeq ($(CONFIG_TLS), gnutls)
@@ -1340,7 +1340,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifndef CONFIG_CRYPTO
# default to libgcrypt
CONFIG_CRYPTO=gnutls
-@@ -1199,6 +1203,7 @@ endif
+@@ -1213,6 +1217,7 @@ endif
endif
ifeq ($(CONFIG_TLS), internal)
@@ -1348,7 +1348,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=internal
endif
-@@ -1279,6 +1284,7 @@ endif
+@@ -1293,6 +1298,7 @@ endif
endif
ifeq ($(CONFIG_TLS), linux)
diff --git a/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch b/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch
index 361f72614..c8c3ff33f 100644
--- a/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch
+++ b/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch
@@ -14,7 +14,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
-@@ -248,6 +248,12 @@ struct crypto_ec_key * dpp_set_pubkey_po
+@@ -269,6 +269,12 @@ int dpp_get_pubkey_hash(struct crypto_ec
struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
diff --git a/package/network/services/hostapd/patches/160-dpp_pkex-EC-point-mul-w-value-prime.patch b/package/network/services/hostapd/patches/160-dpp_pkex-EC-point-mul-w-value-prime.patch
index 56ae8d0b8..db4fcfe23 100644
--- a/package/network/services/hostapd/patches/160-dpp_pkex-EC-point-mul-w-value-prime.patch
+++ b/package/network/services/hostapd/patches/160-dpp_pkex-EC-point-mul-w-value-prime.patch
@@ -13,7 +13,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
-@@ -1567,7 +1567,9 @@ dpp_pkex_derive_Qr(const struct dpp_curv
+@@ -1588,7 +1588,9 @@ dpp_pkex_derive_Qr(const struct dpp_curv
Pr = crypto_ec_key_get_public_key(Pr_key);
Qr = crypto_ec_point_init(ec);
hash_bn = crypto_bignum_init_set(hash, curve->hash_len);
diff --git a/package/network/services/hostapd/patches/170-DPP-fix-memleak-of-intro.peer_key.patch b/package/network/services/hostapd/patches/170-DPP-fix-memleak-of-intro.peer_key.patch
deleted file mode 100644
index 157347d6d..000000000
--- a/package/network/services/hostapd/patches/170-DPP-fix-memleak-of-intro.peer_key.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 639bb1bb912029ec4ff110c3ed807b62f583d6bf Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Sun, 9 Oct 2022 04:02:44 -0400
-Subject: [PATCH 7/7] DPP: fix memleak of intro.peer_key
-
-fix memleak of intro.peer_key in wpas_dpp_rx_peer_disc_resp()
-
-Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
----
- wpa_supplicant/dpp_supplicant.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/wpa_supplicant/dpp_supplicant.c
-+++ b/wpa_supplicant/dpp_supplicant.c
-@@ -2610,6 +2610,8 @@ static void wpas_dpp_rx_peer_disc_resp(s
- return;
- }
-
-+ os_memset(&intro, 0, sizeof(intro));
-+
- trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
- &trans_id_len);
- if (!trans_id || trans_id_len != 1) {
-@@ -2720,7 +2722,7 @@ static void wpas_dpp_rx_peer_disc_resp(s
- wpa_supplicant_req_scan(wpa_s, 0, 0);
- }
- fail:
-- os_memset(&intro, 0, sizeof(intro));
-+ dpp_peer_intro_deinit(&intro);
- }
-
-
diff --git a/package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch b/package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch
new file mode 100644
index 000000000..710a3c851
--- /dev/null
+++ b/package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch
@@ -0,0 +1,141 @@
+From d4c4ef302f98fd6bce173b8636e7e350d8b44981 Mon Sep 17 00:00:00 2001
+From: P Praneesh <ppranees@codeaurora.org>
+Date: Fri, 19 Mar 2021 12:17:27 +0530
+Subject: [PATCH] hostapd: update cfs0 and cfs1 for 160MHz
+
+As per standard Draft P802.11ax_D8.0,( Table 26-9—Setting
+of the VHT Channel Width and VHT NSS at an HE STA
+transmitting the OM Control subfield ), center frequency of
+160MHz should be published in HT information subset 2 of
+HT information when EXT NSS BW field is enabled.
+
+If the supported number of NSS in 160MHz is at least max NSS
+support, then center_freq_seg0 indicates the center frequency of 80MHz and
+center_freq_seg1 indicates the center frequency of 160MHz.
+
+If the supported number of NSS in 160MHz is less than max NSS
+support, then center_freq_seg0 indicates the center frequency of 80MHz and
+center_freq_seg1 is 0. The center frequency of 160MHz is published in HT
+operation information element instead.
+
+Signed-off-by: P Praneesh <ppranees@codeaurora.org>
+---
+ hostapd/config_file.c | 2 ++
+ src/ap/ieee802_11_ht.c | 7 +++++++
+ src/ap/ieee802_11_vht.c | 16 ++++++++++++++++
+ src/common/hw_features_common.c | 1 +
+ src/common/ieee802_11_defs.h | 1 +
+ 5 files changed, 27 insertions(+)
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -1153,6 +1153,8 @@ static int hostapd_config_vht_capab(stru
+ conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
+ if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
+ conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
++ if (os_strstr(capab, "[EXT-NSS-BW-SUPP]"))
++ conf->vht_capab |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
+ return 0;
+ }
+ #endif /* CONFIG_IEEE80211AC */
+--- a/src/ap/ieee802_11_ht.c
++++ b/src/ap/ieee802_11_ht.c
+@@ -82,7 +82,9 @@ u8 * hostapd_eid_ht_capabilities(struct
+ u8 * hostapd_eid_ht_operation(struct hostapd_data *hapd, u8 *eid)
+ {
+ struct ieee80211_ht_operation *oper;
++ le32 vht_capabilities_info;
+ u8 *pos = eid;
++ u8 chwidth;
+
+ if (!hapd->iconf->ieee80211n || hapd->conf->disable_11n ||
+ is_6ghz_op_class(hapd->iconf->op_class))
+@@ -103,6 +105,13 @@ u8 * hostapd_eid_ht_operation(struct hos
+ oper->ht_param |= HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW |
+ HT_INFO_HT_PARAM_STA_CHNL_WIDTH;
+
++ vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
++ chwidth = hostapd_get_oper_chwidth(hapd->iconf);
++ if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT
++ && ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
++ oper->operation_mode = host_to_le16(hapd->iconf->vht_oper_centr_freq_seg0_idx << 5);
++ }
++
+ pos += sizeof(*oper);
+
+ return pos;
+--- a/src/ap/ieee802_11_vht.c
++++ b/src/ap/ieee802_11_vht.c
+@@ -25,6 +25,7 @@ u8 * hostapd_eid_vht_capabilities(struct
+ struct ieee80211_vht_capabilities *cap;
+ struct hostapd_hw_modes *mode = hapd->iface->current_mode;
+ u8 *pos = eid;
++ u8 chwidth;
+
+ if (!mode || is_6ghz_op_class(hapd->iconf->op_class))
+ return eid;
+@@ -62,6 +63,17 @@ u8 * hostapd_eid_vht_capabilities(struct
+ host_to_le32(nsts << VHT_CAP_BEAMFORMEE_STS_OFFSET);
+ }
+
++ chwidth = hostapd_get_oper_chwidth(hapd->iconf);
++ if (((host_to_le32(mode->vht_capab)) & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
++ && ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
++ cap->vht_capabilities_info |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
++ cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ));
++ cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160MHZ));
++ cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_MASK));
++ } else {
++ cap->vht_capabilities_info &= ~VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK;
++ }
++
+ /* Supported MCS set comes from hw */
+ os_memcpy(&cap->vht_supported_mcs_set, mode->vht_mcs_set, 8);
+
+@@ -74,6 +86,7 @@ u8 * hostapd_eid_vht_capabilities(struct
+ u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
+ {
+ struct ieee80211_vht_operation *oper;
++ le32 vht_capabilities_info;
+ u8 *pos = eid;
+ enum oper_chan_width oper_chwidth =
+ hostapd_get_oper_chwidth(hapd->iconf);
+@@ -106,6 +119,7 @@ u8 * hostapd_eid_vht_operation(struct ho
+ oper->vht_op_info_chan_center_freq_seg1_idx = seg1;
+
+ oper->vht_op_info_chwidth = oper_chwidth;
++ vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
+ if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ) {
+ /*
+ * Convert 160 MHz channel width to new style as interop
+@@ -119,6 +133,9 @@ u8 * hostapd_eid_vht_operation(struct ho
+ oper->vht_op_info_chan_center_freq_seg0_idx -= 8;
+ else
+ oper->vht_op_info_chan_center_freq_seg0_idx += 8;
++
++ if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
++ oper->vht_op_info_chan_center_freq_seg1_idx = 0;
+ } else if (oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ) {
+ /*
+ * Convert 80+80 MHz channel width to new style as interop
+--- a/src/common/hw_features_common.c
++++ b/src/common/hw_features_common.c
+@@ -808,6 +808,7 @@ int ieee80211ac_cap_check(u32 hw, u32 co
+ VHT_CAP_CHECK(VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB);
+ VHT_CAP_CHECK(VHT_CAP_RX_ANTENNA_PATTERN);
+ VHT_CAP_CHECK(VHT_CAP_TX_ANTENNA_PATTERN);
++ VHT_CAP_CHECK(VHT_CAP_EXTENDED_NSS_BW_SUPPORT);
+
+ #undef VHT_CAP_CHECK
+ #undef VHT_CAP_CHECK_MAX
+--- a/src/common/ieee802_11_defs.h
++++ b/src/common/ieee802_11_defs.h
+@@ -1348,6 +1348,8 @@ struct ieee80211_ampe_ie {
+ #define VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB ((u32) BIT(26) | BIT(27))
+ #define VHT_CAP_RX_ANTENNA_PATTERN ((u32) BIT(28))
+ #define VHT_CAP_TX_ANTENNA_PATTERN ((u32) BIT(29))
++#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT ((u32) BIT(30))
++#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK ((u32) BIT(30) | BIT(31))
+
+ #define VHT_OPMODE_CHANNEL_WIDTH_MASK ((u8) BIT(0) | BIT(1))
+ #define VHT_OPMODE_CHANNEL_RxNSS_MASK ((u8) BIT(4) | BIT(5) | \
diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch
index 0db8caa20..f7e797a9c 100644
--- a/package/network/services/hostapd/patches/200-multicall.patch
+++ b/package/network/services/hostapd/patches/200-multicall.patch
@@ -36,7 +36,7 @@
LIBS += $(DRV_AP_LIBS)
ifdef CONFIG_L2_PACKET
-@@ -1378,6 +1384,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1380,6 +1386,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
_OBJS_VAR := OBJS
include ../src/objs.mk
@@ -49,7 +49,7 @@
hostapd: $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
-@@ -1458,6 +1470,12 @@ include ../src/objs.mk
+@@ -1460,6 +1472,12 @@ include ../src/objs.mk
_OBJS_VAR := SOBJS
include ../src/objs.mk
@@ -71,8 +71,8 @@
+-include $(if $(MULTICALL),../hostapd/.config)
include ../src/build.rules
- ifdef CONFIG_BUILD_WPA_CLIENT_SO
-@@ -371,7 +372,9 @@ endif
+ ifdef CONFIG_BUILD_PASN_SO
+@@ -382,7 +383,9 @@ endif
ifdef CONFIG_IBSS_RSN
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_IBSS_RSN
@@ -82,7 +82,7 @@
OBJS += ibss_rsn.o
endif
-@@ -912,6 +915,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+@@ -924,6 +927,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
LIBS += -ldl -rdynamic
endif
@@ -93,7 +93,7 @@
endif
ifdef CONFIG_AP
-@@ -919,9 +926,11 @@ NEED_EAP_COMMON=y
+@@ -931,9 +938,11 @@ NEED_EAP_COMMON=y
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_AP
OBJS += ap.o
@@ -105,7 +105,7 @@
OBJS += ../src/ap/hostapd.o
OBJS += ../src/ap/wpa_auth_glue.o
OBJS += ../src/ap/utils.o
-@@ -1008,6 +1017,12 @@ endif
+@@ -1022,6 +1031,12 @@ endif
ifdef CONFIG_HS20
OBJS += ../src/ap/hs20.o
endif
@@ -118,7 +118,7 @@
endif
ifdef CONFIG_MBO
-@@ -1016,7 +1031,9 @@ CFLAGS += -DCONFIG_MBO
+@@ -1030,7 +1045,9 @@ CFLAGS += -DCONFIG_MBO
endif
ifdef NEED_RSN_AUTHENTICATOR
@@ -128,7 +128,7 @@
NEED_AES_WRAP=y
OBJS += ../src/ap/wpa_auth.o
OBJS += ../src/ap/wpa_auth_ie.o
-@@ -1996,6 +2013,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -2010,6 +2027,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
_OBJS_VAR := OBJS
include ../src/objs.mk
@@ -141,7 +141,7 @@
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
-@@ -2128,6 +2151,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+@@ -2142,6 +2165,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
@$(E) " sed" $<
@@ -156,7 +156,7 @@
wpa_cli.exe: wpa_cli
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -6171,8 +6171,8 @@ union wpa_event_data {
+@@ -6651,8 +6651,8 @@ union wpa_event_data {
* Driver wrapper code should call this function whenever an event is received
* from the driver.
*/
@@ -167,7 +167,7 @@
/**
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -6184,7 +6184,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6664,7 +6664,7 @@ void wpa_supplicant_event(void *ctx, enu
* Same as wpa_supplicant_event(), but we search for the interface in
* wpa_global.
*/
@@ -178,7 +178,7 @@
/*
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
-@@ -1872,8 +1872,8 @@ err:
+@@ -1994,8 +1994,8 @@ err:
#endif /* CONFIG_OWE */
@@ -189,7 +189,7 @@
{
struct hostapd_data *hapd = ctx;
#ifndef CONFIG_NO_STDOUT_DEBUG
-@@ -2145,7 +2145,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -2271,7 +2271,7 @@ void wpa_supplicant_event(void *ctx, enu
}
@@ -200,7 +200,7 @@
struct hapd_interfaces *interfaces = ctx;
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
-@@ -1038,8 +1038,8 @@ static void wpa_priv_send_ft_response(st
+@@ -1039,8 +1039,8 @@ static void wpa_priv_send_ft_response(st
}
@@ -211,7 +211,7 @@
{
struct wpa_priv_interface *iface = ctx;
-@@ -1102,7 +1102,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -1103,7 +1103,7 @@ void wpa_supplicant_event(void *ctx, enu
}
@@ -220,7 +220,7 @@
union wpa_event_data *data)
{
struct wpa_priv_global *global = ctx;
-@@ -1216,6 +1216,8 @@ int main(int argc, char *argv[])
+@@ -1217,6 +1217,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
@@ -231,7 +231,7 @@
os_memset(&global, 0, sizeof(global));
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
-@@ -4953,8 +4953,8 @@ static void wpas_event_unprot_beacon(str
+@@ -5345,8 +5345,8 @@ static void wpas_link_reconfig(struct wp
}
@@ -242,7 +242,7 @@
{
struct wpa_supplicant *wpa_s = ctx;
int resched;
-@@ -5813,7 +5813,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6264,7 +6264,7 @@ void wpa_supplicant_event(void *ctx, enu
}
@@ -253,7 +253,7 @@
struct wpa_supplicant *wpa_s;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7087,7 +7087,6 @@ struct wpa_interface * wpa_supplicant_ma
+@@ -7435,7 +7435,6 @@ struct wpa_interface * wpa_supplicant_ma
return NULL;
}
@@ -261,7 +261,7 @@
/**
* wpa_supplicant_match_existing - Match existing interfaces
* @global: Pointer to global data from wpa_supplicant_init()
-@@ -7122,6 +7121,11 @@ static int wpa_supplicant_match_existing
+@@ -7470,6 +7469,11 @@ static int wpa_supplicant_match_existing
#endif /* CONFIG_MATCH_IFACE */
@@ -273,7 +273,7 @@
/**
* wpa_supplicant_add_iface - Add a new network interface
-@@ -7378,6 +7382,8 @@ struct wpa_global * wpa_supplicant_init(
+@@ -7726,6 +7730,8 @@ struct wpa_global * wpa_supplicant_init(
#ifndef CONFIG_NO_WPA_MSG
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
#endif /* CONFIG_NO_WPA_MSG */
@@ -284,7 +284,7 @@
wpa_debug_open_file(params->wpa_debug_file_path);
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -591,6 +591,11 @@ fail:
+@@ -685,6 +685,11 @@ fail:
return -1;
}
@@ -296,7 +296,7 @@
#ifdef CONFIG_WPS
static int gen_uuid(const char *txt_addr)
-@@ -684,6 +689,8 @@ int main(int argc, char *argv[])
+@@ -778,6 +783,8 @@ int main(int argc, char *argv[])
return -1;
#endif /* CONFIG_DPP */
diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch
index a0e00c4d5..1ea89043e 100644
--- a/package/network/services/hostapd/patches/300-noscan.patch
+++ b/package/network/services/hostapd/patches/300-noscan.patch
@@ -1,6 +1,6 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3439,6 +3439,10 @@ static int hostapd_config_fill(struct ho
+@@ -3448,6 +3448,10 @@ static int hostapd_config_fill(struct ho
if (bss->ocv && !bss->ieee80211w)
bss->ieee80211w = 1;
#endif /* CONFIG_OCV */
@@ -13,7 +13,7 @@
} else if (os_strcmp(buf, "ht_capab") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -1043,6 +1043,8 @@ struct hostapd_config {
+@@ -1072,6 +1072,8 @@ struct hostapd_config {
int ht_op_mode_fixed;
u16 ht_capab;
@@ -36,7 +36,7 @@
hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
--- a/src/ap/ieee802_11_ht.c
+++ b/src/ap/ieee802_11_ht.c
-@@ -230,6 +230,9 @@ void hostapd_2040_coex_action(struct hos
+@@ -239,6 +239,9 @@ void hostapd_2040_coex_action(struct hos
return;
}
@@ -46,7 +46,7 @@
if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
wpa_printf(MSG_DEBUG,
"Ignore too short 20/40 BSS Coexistence Management frame");
-@@ -390,6 +393,9 @@ void ht40_intolerant_add(struct hostapd_
+@@ -399,6 +402,9 @@ void ht40_intolerant_add(struct hostapd_
if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
return;
diff --git a/package/network/services/hostapd/patches/301-mesh-noscan.patch b/package/network/services/hostapd/patches/301-mesh-noscan.patch
index 998540198..6b5416f0e 100644
--- a/package/network/services/hostapd/patches/301-mesh-noscan.patch
+++ b/package/network/services/hostapd/patches/301-mesh-noscan.patch
@@ -1,6 +1,6 @@
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
-@@ -2555,6 +2555,7 @@ static const struct parse_data ssid_fiel
+@@ -2600,6 +2600,7 @@ static const struct parse_data ssid_fiel
#else /* CONFIG_MESH */
{ INT_RANGE(mode, 0, 4) },
#endif /* CONFIG_MESH */
@@ -10,7 +10,7 @@
{ STR(id_str) },
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
-@@ -766,6 +766,7 @@ static void wpa_config_write_network(FIL
+@@ -775,6 +775,7 @@ static void wpa_config_write_network(FIL
#endif /* IEEE8021X_EAPOL */
INT(mode);
INT(no_auto_peer);
@@ -31,36 +31,36 @@
/*
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2463,7 +2463,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2710,7 +2710,7 @@ static bool ibss_mesh_can_use_vht(struct
+ const struct wpa_ssid *ssid,
+ struct hostapd_hw_modes *mode)
+ {
+- if (mode->mode != HOSTAPD_MODE_IEEE80211A)
++ if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
+ return false;
+
+ if (!drv_supports_vht(wpa_s, ssid))
+@@ -2783,7 +2783,7 @@ static void ibss_mesh_select_40mhz(struc
+ int i, res;
+ unsigned int j;
+ static const int ht40plus[] = {
+- 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
++ 1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
+ 184, 192
+ };
+ int ht40 = -1;
+@@ -3033,7 +3033,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
enum hostapd_hw_mode hw_mode;
struct hostapd_hw_modes *mode = NULL;
-- int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
-+ int ht40plus[] = { 1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
- 184, 192 };
- int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
- 6035, 6115, 6195, 6275, 6355, 6435, 6515,
-@@ -2471,7 +2471,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- int bw160[] = { 5955, 6115, 6275, 6435, 6595, 6755, 6915 };
- struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
+- int i, obss_scan = 1;
++ int i, obss_scan = !(ssid->noscan);
u8 channel;
-- int i, chan_idx, ht40 = -1, res, obss_scan = 1;
-+ int i, chan_idx, ht40 = -1, res, obss_scan = !(ssid->noscan);
- unsigned int j, k;
- struct hostapd_freq_params vht_freq;
- int chwidth, seg0, seg1;
-@@ -2562,7 +2562,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- #endif /* CONFIG_HE_OVERRIDES */
-
- /* Setup higher BW only for 5 GHz */
-- if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-+ if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
- return;
-
- for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
+ bool is_6ghz;
+ bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
-@@ -981,6 +981,8 @@ struct wpa_ssid {
+@@ -1035,6 +1035,8 @@ struct wpa_ssid {
*/
int no_auto_peer;
diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch
index 2c2541947..a47546d38 100644
--- a/package/network/services/hostapd/patches/310-rescan_immediately.patch
+++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch
@@ -1,6 +1,6 @@
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -5419,7 +5419,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -5740,7 +5740,7 @@ wpa_supplicant_alloc(struct wpa_supplica
if (wpa_s == NULL)
return NULL;
wpa_s->scan_req = INITIAL_SCAN_REQ;
diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
index 8218a439a..c11c95721 100644
--- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
+++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
@@ -1,6 +1,6 @@
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -5022,7 +5022,7 @@ static int nl80211_set_channel(struct i8
+@@ -5407,7 +5407,7 @@ static int nl80211_set_channel(struct i8
freq->he_enabled, freq->eht_enabled, freq->bandwidth,
freq->center_freq1, freq->center_freq2);
diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch
index b59107463..ae6cd81ea 100644
--- a/package/network/services/hostapd/patches/340-reload_freq_change.patch
+++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch
@@ -1,6 +1,6 @@
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -119,6 +119,29 @@ static void hostapd_reload_bss(struct ho
+@@ -143,6 +143,29 @@ static void hostapd_reload_bss(struct ho
#endif /* CONFIG_NO_RADIUS */
ssid = &hapd->conf->ssid;
@@ -30,7 +30,7 @@
if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
/*
-@@ -220,6 +243,7 @@ int hostapd_reload_config(struct hostapd
+@@ -251,6 +274,7 @@ int hostapd_reload_config(struct hostapd
struct hostapd_data *hapd = iface->bss[0];
struct hostapd_config *newconf, *oldconf;
size_t j;
@@ -38,7 +38,7 @@
if (iface->config_fname == NULL) {
/* Only in-memory config in use - assume it has been updated */
-@@ -270,24 +294,20 @@ int hostapd_reload_config(struct hostapd
+@@ -301,6 +325,17 @@ int hostapd_reload_config(struct hostapd
}
iface->conf = newconf;
@@ -55,6 +55,10 @@
+
for (j = 0; j < iface->num_bss; j++) {
hapd = iface->bss[j];
+ if (!hapd->conf->config_id || !newconf->bss[j]->config_id ||
+@@ -308,21 +343,6 @@ int hostapd_reload_config(struct hostapd
+ newconf->bss[j]->config_id) != 0)
+ hostapd_clear_old_bss(hapd);
hapd->iconf = newconf;
- hapd->iconf->channel = oldconf->channel;
- hapd->iconf->acs = oldconf->acs;
diff --git a/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch b/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch
index 29a3799b5..878445287 100644
--- a/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch
+++ b/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch
@@ -1,6 +1,6 @@
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
-@@ -1803,15 +1803,35 @@ int ap_switch_channel(struct wpa_supplic
+@@ -1825,15 +1825,35 @@ int ap_switch_channel(struct wpa_supplic
#ifdef CONFIG_CTRL_IFACE
diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
index a88b63e91..647ca2cbf 100644
--- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
+++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
@@ -1,34 +1,35 @@
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -2938,11 +2938,11 @@ static int wpa_driver_nl80211_del_beacon
- struct wpa_driver_nl80211_data *drv = bss->drv;
+@@ -3008,12 +3008,12 @@ static int wpa_driver_nl80211_del_beacon
+ return 0;
wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
- drv->ifindex);
+ bss->ifindex);
- bss->beacon_set = 0;
- bss->freq = 0;
+ link->beacon_set = 0;
+ link->freq = 0;
+
nl80211_put_wiphy_data_ap(bss);
- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
+ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
- return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
- }
+ if (!msg)
+ return -ENOBUFS;
-@@ -5661,7 +5661,7 @@ static void nl80211_teardown_ap(struct i
+@@ -6100,7 +6100,7 @@ static void nl80211_teardown_ap(struct i
nl80211_mgmt_unsubscribe(bss, "AP teardown");
nl80211_put_wiphy_data_ap(bss);
-- bss->beacon_set = 0;
-+ wpa_driver_nl80211_del_beacon(bss);
+- bss->flink->beacon_set = 0;
++ wpa_driver_nl80211_del_beacon_all(bss);
}
-@@ -8120,8 +8120,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -8859,8 +8859,6 @@ static int wpa_driver_nl80211_if_remove(
} else {
wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
nl80211_teardown_ap(bss);
- if (!bss->added_if && !drv->first_bss->next)
-- wpa_driver_nl80211_del_beacon(bss);
+- wpa_driver_nl80211_del_beacon_all(bss);
nl80211_destroy_bss(bss);
if (!bss->added_if)
i802_set_iface_flags(bss, 0);
diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
index 7699541fd..4d85ea11f 100644
--- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
+++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
@@ -1,6 +1,6 @@
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -67,6 +67,7 @@
+@@ -68,6 +68,7 @@
#include "fst/fst_ctrl_iface.h"
#include "config_file.h"
#include "ctrl_iface.h"
@@ -8,7 +8,7 @@
#define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
-@@ -82,6 +83,7 @@ static void hostapd_ctrl_iface_send(stru
+@@ -83,6 +84,7 @@ static void hostapd_ctrl_iface_send(stru
enum wpa_msg_type type,
const char *buf, size_t len);
@@ -16,7 +16,7 @@
static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
struct sockaddr_storage *from,
-@@ -133,6 +135,61 @@ static int hostapd_ctrl_iface_new_sta(st
+@@ -134,6 +136,61 @@ static int hostapd_ctrl_iface_new_sta(st
return 0;
}
@@ -78,7 +78,7 @@
#ifdef NEED_AP_MLME
static int hostapd_ctrl_iface_sa_query(struct hostapd_data *hapd,
-@@ -3449,6 +3506,8 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3564,6 +3621,8 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
reply_size);
@@ -89,7 +89,7 @@
#ifdef RADIUS_SERVER
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
-@@ -945,7 +945,13 @@ int hostapd_parse_csa_settings(const cha
+@@ -1023,7 +1023,13 @@ int hostapd_parse_csa_settings(const cha
int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
{
diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch
index 6faaffcf7..3baad2a52 100644
--- a/package/network/services/hostapd/patches/370-ap_sta_support.patch
+++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch
@@ -1,6 +1,6 @@
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -115,6 +115,8 @@ OBJS_c += ../src/utils/common.o
+@@ -126,6 +126,8 @@ OBJS_c += ../src/utils/common.o
OBJS_c += ../src/common/cli.o
OBJS += wmm_ac.o
@@ -19,7 +19,7 @@
#include "drivers/driver.h"
#include "eap_peer/eap.h"
#include "wpa_supplicant_i.h"
-@@ -282,6 +283,10 @@ void calculate_update_time(const struct
+@@ -283,6 +284,10 @@ void calculate_update_time(const struct
static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
struct os_reltime *fetch_time)
{
@@ -30,7 +30,7 @@
dst->flags = src->flags;
os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
dst->freq = src->freq;
-@@ -295,6 +300,15 @@ static void wpa_bss_copy_res(struct wpa_
+@@ -296,6 +301,15 @@ static void wpa_bss_copy_res(struct wpa_
dst->est_throughput = src->est_throughput;
dst->snr = src->snr;
@@ -154,7 +154,7 @@
#ifdef CONFIG_WEP
/* Configure default/group WEP keys for static WEP */
-@@ -1016,6 +1064,8 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1026,6 +1074,8 @@ void wpa_supplicant_set_state(struct wpa
sme_sched_obss_scan(wpa_s, 1);
@@ -163,7 +163,7 @@
#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
if (!fils_hlp_sent && ssid && ssid->eap.erp)
update_fils_connect_params = true;
-@@ -1026,6 +1076,8 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1036,6 +1086,8 @@ void wpa_supplicant_set_state(struct wpa
#endif /* CONFIG_OWE */
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
state == WPA_ASSOCIATED) {
@@ -172,7 +172,7 @@
wpa_s->new_connection = 1;
wpa_drv_set_operstate(wpa_s, 0);
#ifndef IEEE8021X_EAPOL
-@@ -2335,6 +2387,8 @@ void wpa_supplicant_associate(struct wpa
+@@ -2537,6 +2589,8 @@ void wpa_supplicant_associate(struct wpa
return;
}
wpa_s->current_bss = bss;
@@ -181,7 +181,7 @@
#else /* CONFIG_MESH */
wpa_msg(wpa_s, MSG_ERROR,
"mesh mode support not included in the build");
-@@ -6693,6 +6747,16 @@ static int wpa_supplicant_init_iface(str
+@@ -7037,6 +7091,16 @@ static int wpa_supplicant_init_iface(str
sizeof(wpa_s->bridge_ifname));
}
@@ -198,7 +198,7 @@
/* RSNA Supplicant Key Management - INITIALIZE */
eapol_sm_notify_portEnabled(wpa_s->eapol, false);
eapol_sm_notify_portValid(wpa_s->eapol, false);
-@@ -7031,6 +7095,11 @@ static void wpa_supplicant_deinit_iface(
+@@ -7379,6 +7443,11 @@ static void wpa_supplicant_deinit_iface(
if (terminate)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
@@ -212,7 +212,7 @@
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -105,6 +105,11 @@ struct wpa_interface {
+@@ -106,6 +106,11 @@ struct wpa_interface {
const char *ifname;
/**
@@ -224,7 +224,7 @@
* bridge_ifname - Optional bridge interface name
*
* If the driver interface (ifname) is included in a Linux bridge
-@@ -717,6 +722,8 @@ struct wpa_supplicant {
+@@ -665,6 +670,8 @@ struct wpa_supplicant {
#endif /* CONFIG_CTRL_IFACE_BINDER */
char bridge_ifname[16];
@@ -235,7 +235,7 @@
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -2641,6 +2641,12 @@ static int hostapd_ctrl_iface_chan_switc
+@@ -2751,6 +2751,12 @@ static int hostapd_ctrl_iface_chan_switc
return 0;
}
@@ -250,7 +250,7 @@
/* Save CHAN_SWITCH VHT, HE, and EHT config */
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -1903,11 +1903,6 @@ static int __ieee802_11_set_beacon(struc
+@@ -2108,11 +2108,6 @@ static int __ieee802_11_set_beacon(struc
return -1;
}
@@ -264,7 +264,7 @@
if (ieee802_11_build_ap_params(hapd, ¶ms) < 0)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
-@@ -4953,6 +4953,60 @@ static void wpas_event_unprot_beacon(str
+@@ -5345,6 +5345,60 @@ static void wpas_link_reconfig(struct wp
}
@@ -325,7 +325,7 @@
void supplicant_event(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
{
-@@ -5268,8 +5322,10 @@ void supplicant_event(void *ctx, enum wp
+@@ -5697,8 +5751,10 @@ void supplicant_event(void *ctx, enum wp
channel_width_to_string(data->ch_switch.ch_width),
data->ch_switch.cf1,
data->ch_switch.cf2);
@@ -339,7 +339,7 @@
wpa_s->current_ssid->frequency = data->ch_switch.freq;
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -5968,6 +5968,7 @@ union wpa_event_data {
+@@ -6421,6 +6421,7 @@ union wpa_event_data {
/**
* struct ch_switch
@@ -347,8 +347,8 @@
* @freq: Frequency of new channel in MHz
* @ht_enabled: Whether this is an HT channel
* @ch_offset: Secondary channel offset
-@@ -5976,6 +5977,7 @@ union wpa_event_data {
- * @cf2: Center frequency 2
+@@ -6431,6 +6432,7 @@ union wpa_event_data {
+ * @punct_bitmap: Puncturing bitmap
*/
struct ch_switch {
+ int count;
@@ -357,16 +357,15 @@
int ch_offset;
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
-@@ -694,7 +694,7 @@ static void mlme_event_ch_switch(struct
- struct nlattr *ifindex, struct nlattr *freq,
- struct nlattr *type, struct nlattr *bw,
- struct nlattr *cf1, struct nlattr *cf2,
-- int finished)
-+ struct nlattr *count, int finished)
+@@ -1202,6 +1202,7 @@ static void mlme_event_ch_switch(struct
+ struct nlattr *bw, struct nlattr *cf1,
+ struct nlattr *cf2,
+ struct nlattr *punct_bitmap,
++ struct nlattr *count,
+ int finished)
{
struct i802_bss *bss;
- union wpa_event_data data;
-@@ -755,6 +755,8 @@ static void mlme_event_ch_switch(struct
+@@ -1265,6 +1266,8 @@ static void mlme_event_ch_switch(struct
data.ch_switch.cf1 = nla_get_u32(cf1);
if (cf2)
data.ch_switch.cf2 = nla_get_u32(cf2);
@@ -374,19 +373,19 @@
+ data.ch_switch.count = nla_get_u32(count);
if (finished)
- bss->freq = data.ch_switch.freq;
-@@ -3113,6 +3115,7 @@ static void do_process_drv_event(struct
- tb[NL80211_ATTR_CHANNEL_WIDTH],
+ bss->flink->freq = data.ch_switch.freq;
+@@ -3848,6 +3851,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
+ tb[NL80211_ATTR_PUNCT_BITMAP],
+ tb[NL80211_ATTR_CH_SWITCH_COUNT],
0);
break;
case NL80211_CMD_CH_SWITCH_NOTIFY:
-@@ -3123,6 +3126,7 @@ static void do_process_drv_event(struct
- tb[NL80211_ATTR_CHANNEL_WIDTH],
+@@ -3860,6 +3864,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
+ tb[NL80211_ATTR_PUNCT_BITMAP],
+ NULL,
1);
break;
diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
index 1f78c42de..456599db0 100644
--- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
+++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
@@ -12,7 +12,7 @@
else
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -3265,6 +3265,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3377,6 +3377,7 @@ static int hostapd_ctrl_iface_receive_pr
reply_size);
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
reply_len = hostapd_drv_status(hapd, reply, reply_size);
@@ -20,7 +20,7 @@
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
-@@ -3306,6 +3307,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3418,6 +3419,7 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
reply_size);
@@ -30,7 +30,7 @@
reply_len = -1;
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -973,6 +973,9 @@ ifdef CONFIG_FILS
+@@ -985,6 +985,9 @@ ifdef CONFIG_FILS
OBJS += ../src/ap/fils_hlp.o
endif
ifdef CONFIG_CTRL_IFACE
@@ -42,7 +42,7 @@
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
-@@ -2325,7 +2325,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -2326,7 +2326,7 @@ static int wpa_supplicant_ctrl_iface_sta
pos += ret;
}
@@ -51,7 +51,7 @@
if (wpa_s->ap_iface) {
pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
end - pos,
-@@ -11565,6 +11565,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -11964,6 +11964,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = -1;
} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
@@ -59,7 +59,7 @@
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
if (reply_len >= 0) {
-@@ -11577,6 +11578,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -11976,6 +11977,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_size - reply_len);
#endif /* CONFIG_MACSEC */
}
@@ -67,7 +67,7 @@
} else if (os_strncmp(buf, "STATUS", 6) == 0) {
reply_len = wpa_supplicant_ctrl_iface_status(
wpa_s, buf + 6, reply, reply_size);
-@@ -12065,6 +12067,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12464,6 +12466,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = wpa_supplicant_ctrl_iface_bss(
wpa_s, buf + 4, reply, reply_size);
#ifdef CONFIG_AP
@@ -75,7 +75,7 @@
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -12073,12 +12076,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12472,12 +12475,15 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
reply_size);
@@ -93,15 +93,61 @@
reply_len = -1;
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
-@@ -26,6 +26,7 @@
+@@ -26,6 +26,26 @@
#include "taxonomy.h"
#include "wnm_ap.h"
++static const char * hw_mode_str(enum hostapd_hw_mode mode)
++{
++ switch (mode) {
++ case HOSTAPD_MODE_IEEE80211B:
++ return "b";
++ case HOSTAPD_MODE_IEEE80211G:
++ return "g";
++ case HOSTAPD_MODE_IEEE80211A:
++ return "a";
++ case HOSTAPD_MODE_IEEE80211AD:
++ return "ad";
++ case HOSTAPD_MODE_IEEE80211ANY:
++ return "any";
++ case NUM_HOSTAPD_MODES:
++ return "invalid";
++ }
++ return "unknown";
++}
++
+#ifdef CONFIG_CTRL_IFACE_MIB
static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
size_t curr_len, const u8 *mcs_set)
-@@ -460,6 +461,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+@@ -212,26 +232,6 @@ static const char * timeout_next_str(int
+ }
+
+
+-static const char * hw_mode_str(enum hostapd_hw_mode mode)
+-{
+- switch (mode) {
+- case HOSTAPD_MODE_IEEE80211B:
+- return "b";
+- case HOSTAPD_MODE_IEEE80211G:
+- return "g";
+- case HOSTAPD_MODE_IEEE80211A:
+- return "a";
+- case HOSTAPD_MODE_IEEE80211AD:
+- return "ad";
+- case HOSTAPD_MODE_IEEE80211ANY:
+- return "any";
+- case NUM_HOSTAPD_MODES:
+- return "invalid";
+- }
+- return "unknown";
+-}
+-
+-
+ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
+ struct sta_info *sta,
+ char *buf, size_t buflen)
+@@ -493,6 +493,7 @@ int hostapd_ctrl_iface_sta_next(struct h
return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
}
@@ -109,7 +155,7 @@
#ifdef CONFIG_P2P_MANAGER
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
-@@ -832,12 +834,12 @@ int hostapd_ctrl_iface_status(struct hos
+@@ -884,12 +885,12 @@ int hostapd_ctrl_iface_status(struct hos
return len;
len += ret;
}
@@ -126,7 +172,7 @@
if (os_snprintf_error(buflen - len, ret))
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
-@@ -2740,6 +2740,7 @@ static const char * bool_txt(bool val)
+@@ -2834,6 +2834,7 @@ static const char * bool_txt(bool val)
return val ? "TRUE" : "FALSE";
}
@@ -134,7 +180,7 @@
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
{
-@@ -2926,6 +2927,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -3020,6 +3021,7 @@ int ieee802_1x_get_mib_sta(struct hostap
return len;
}
@@ -144,7 +190,7 @@
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
-@@ -4559,6 +4559,7 @@ static const char * wpa_bool_txt(int val
+@@ -5328,6 +5328,7 @@ static const char * wpa_bool_txt(int val
return val ? "TRUE" : "FALSE";
}
@@ -152,7 +198,7 @@
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
-@@ -4709,7 +4710,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -5480,7 +5481,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
return len;
}
@@ -163,7 +209,7 @@
{
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
-@@ -2802,6 +2802,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -3834,6 +3834,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
}
@@ -172,7 +218,7 @@
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -2883,6 +2885,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -3915,6 +3917,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
return (int) len;
}
@@ -182,7 +228,7 @@
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
-@@ -1477,7 +1477,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1499,7 +1499,7 @@ int wpas_ap_wps_nfc_report_handover(stru
#endif /* CONFIG_WPS */
diff --git a/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch b/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch
index d2414faf0..e9083f6ec 100644
--- a/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch
+++ b/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch
@@ -1,6 +1,6 @@
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
-@@ -744,7 +744,7 @@ static int wpa_ctrl_command_sta(struct w
+@@ -757,7 +757,7 @@ static int wpa_ctrl_command_sta(struct w
}
buf[len] = '\0';
diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
index bf481c3ba..40c39ff29 100644
--- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
+++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
@@ -1,6 +1,6 @@
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
-@@ -2529,6 +2529,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -2719,6 +2719,31 @@ u32 wpa_akm_to_suite(int akm)
}
@@ -32,7 +32,7 @@
int wpa_compare_rsn_ie(int ft_initial_assoc,
const u8 *ie1, size_t ie1len,
const u8 *ie2, size_t ie2len)
-@@ -2536,8 +2561,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -2726,8 +2751,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
if (ie1 == NULL || ie2 == NULL)
return -1;
diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch
index d2713fc29..48a558920 100644
--- a/package/network/services/hostapd/patches/410-limit_debug_messages.patch
+++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch
@@ -60,7 +60,7 @@
#ifdef CONFIG_DEBUG_FILE
static char *last_path = NULL;
#endif /* CONFIG_DEBUG_FILE */
-@@ -636,7 +610,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
+@@ -644,7 +618,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
}
@@ -69,7 +69,7 @@
{
va_list ap;
char *buf;
-@@ -674,7 +648,7 @@ void wpa_msg(void *ctx, int level, const
+@@ -682,7 +656,7 @@ void wpa_msg(void *ctx, int level, const
}
@@ -80,9 +80,9 @@
char *buf;
--- a/src/utils/wpa_debug.h
+++ b/src/utils/wpa_debug.h
-@@ -50,6 +50,17 @@ int wpa_debug_reopen_file(void);
- void wpa_debug_close_file(void);
+@@ -51,6 +51,17 @@ void wpa_debug_close_file(void);
void wpa_debug_setup_stdout(void);
+ void wpa_debug_stop_log(void);
+/* internal */
+void _wpa_hexdump(int level, const char *title, const u8 *buf,
@@ -98,7 +98,7 @@
/**
* wpa_debug_printf_timestamp - Print timestamp for debug output
*
-@@ -70,9 +81,15 @@ void wpa_debug_print_timestamp(void);
+@@ -71,9 +82,15 @@ void wpa_debug_print_timestamp(void);
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
@@ -115,7 +115,7 @@
/**
* wpa_hexdump - conditional hex dump
* @level: priority level (MSG_*) of the message
-@@ -84,7 +101,13 @@ PRINTF_FORMAT(2, 3);
+@@ -85,7 +102,13 @@ PRINTF_FORMAT(2, 3);
* output may be directed to stdout, stderr, and/or syslog based on
* configuration. The contents of buf is printed out has hex dump.
*/
@@ -130,7 +130,7 @@
static inline void wpa_hexdump_buf(int level, const char *title,
const struct wpabuf *buf)
-@@ -106,7 +129,13 @@ static inline void wpa_hexdump_buf(int l
+@@ -107,7 +130,13 @@ static inline void wpa_hexdump_buf(int l
* like wpa_hexdump(), but by default, does not include secret keys (passwords,
* etc.) in debug output.
*/
@@ -145,7 +145,7 @@
static inline void wpa_hexdump_buf_key(int level, const char *title,
const struct wpabuf *buf)
-@@ -128,8 +157,14 @@ static inline void wpa_hexdump_buf_key(i
+@@ -129,8 +158,14 @@ static inline void wpa_hexdump_buf_key(i
* the hex numbers and ASCII characters (for printable range) are shown. 16
* bytes per line will be shown.
*/
@@ -162,7 +162,7 @@
/**
* wpa_hexdump_ascii_key - conditional hex dump, hide keys
-@@ -145,8 +180,14 @@ void wpa_hexdump_ascii(int level, const
+@@ -146,8 +181,14 @@ void wpa_hexdump_ascii(int level, const
* bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
* default, does not include secret keys (passwords, etc.) in debug output.
*/
@@ -179,7 +179,7 @@
/*
* wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
-@@ -183,7 +224,12 @@ void wpa_hexdump_ascii_key(int level, co
+@@ -184,7 +225,12 @@ void wpa_hexdump_ascii_key(int level, co
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
@@ -193,7 +193,7 @@
/**
* wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
-@@ -197,8 +243,13 @@ void wpa_msg(void *ctx, int level, const
+@@ -198,8 +244,13 @@ void wpa_msg(void *ctx, int level, const
* attached ctrl_iface monitors. In other words, it can be used for frequent
* events that do not need to be sent to syslog.
*/
diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch
index 12edb6bac..786b83d31 100644
--- a/package/network/services/hostapd/patches/420-indicate-features.patch
+++ b/package/network/services/hostapd/patches/420-indicate-features.patch
@@ -9,7 +9,7 @@
struct hapd_global {
void **drv_priv;
-@@ -692,7 +692,7 @@ int main(int argc, char *argv[])
+@@ -786,7 +786,7 @@ int main(int argc, char *argv[])
wpa_supplicant_event = hostapd_wpa_event;
wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
@@ -18,7 +18,7 @@
if (c < 0)
break;
switch (c) {
-@@ -729,6 +729,8 @@ int main(int argc, char *argv[])
+@@ -823,6 +823,8 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_DEBUG_LINUX_TRACING */
case 'v':
diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
index e52420953..a21f0bf7c 100644
--- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
+++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
@@ -1,6 +1,6 @@
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
-@@ -388,7 +388,6 @@ static int hostapd_cli_cmd_disassociate(
+@@ -401,7 +401,6 @@ static int hostapd_cli_cmd_disassociate(
}
@@ -8,7 +8,7 @@
static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
-@@ -401,7 +400,6 @@ static int hostapd_cli_cmd_signature(str
+@@ -414,7 +413,6 @@ static int hostapd_cli_cmd_signature(str
os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);
return wpa_ctrl_command(ctrl, buf);
}
@@ -16,7 +16,7 @@
static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
-@@ -418,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(stru
+@@ -431,7 +429,6 @@ static int hostapd_cli_cmd_sa_query(stru
}
@@ -24,7 +24,7 @@
static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
-@@ -644,7 +641,6 @@ static int hostapd_cli_cmd_wps_config(st
+@@ -657,7 +654,6 @@ static int hostapd_cli_cmd_wps_config(st
ssid_hex, argv[1]);
return wpa_ctrl_command(ctrl, buf);
}
@@ -32,7 +32,7 @@
static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1588,13 +1584,10 @@ static const struct hostapd_cli_cmd host
+@@ -1610,13 +1606,10 @@ static const struct hostapd_cli_cmd host
{ "disassociate", hostapd_cli_cmd_disassociate,
hostapd_complete_stations,
"<addr> = disassociate a station" },
@@ -46,7 +46,7 @@
{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
"<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
-@@ -1619,7 +1612,6 @@ static const struct hostapd_cli_cmd host
+@@ -1641,7 +1634,6 @@ static const struct hostapd_cli_cmd host
"<SSID> <auth> <encr> <key> = configure AP" },
{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
"= show current WPS status" },
diff --git a/package/network/services/hostapd/patches/432-missing-typedef.patch b/package/network/services/hostapd/patches/432-missing-typedef.patch
deleted file mode 100644
index 7a100f1a0..000000000
--- a/package/network/services/hostapd/patches/432-missing-typedef.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/src/drivers/linux_wext.h
-+++ b/src/drivers/linux_wext.h
-@@ -26,6 +26,7 @@ typedef int32_t __s32;
- typedef uint16_t __u16;
- typedef int16_t __s16;
- typedef uint8_t __u8;
-+typedef int8_t __s8;
- #ifndef __user
- #define __user
- #endif /* __user */
diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch
index ac874ad66..45886896e 100644
--- a/package/network/services/hostapd/patches/450-scan_wait.patch
+++ b/package/network/services/hostapd/patches/450-scan_wait.patch
@@ -24,16 +24,16 @@
/**
* hostapd_driver_init - Preparate driver interface
-@@ -164,6 +174,8 @@ static int hostapd_driver_init(struct ho
- return -1;
+@@ -217,6 +227,8 @@ static int hostapd_driver_init(struct ho
}
+ #endif /* CONFIG_IEEE80211BE */
+ hapd->setup_complete_cb = hostapd_setup_complete_cb;
+
/* Initialize the driver interface */
if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
b = NULL;
-@@ -404,8 +416,6 @@ static void hostapd_global_deinit(const
+@@ -497,8 +509,6 @@ static void hostapd_global_deinit(const
#endif /* CONFIG_NATIVE_WINDOWS */
eap_server_unregister_methods();
@@ -42,7 +42,7 @@
}
-@@ -431,18 +441,6 @@ static int hostapd_global_run(struct hap
+@@ -524,18 +534,6 @@ static int hostapd_global_run(struct hap
}
#endif /* EAP_SERVER_TNC */
@@ -61,7 +61,7 @@
eloop_run();
return 0;
-@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
+@@ -739,8 +737,7 @@ int main(int argc, char *argv[])
struct hapd_interfaces interfaces;
int ret = 1;
size_t i, j;
diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
index 38ff66317..4c7286813 100644
--- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
+++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
@@ -22,7 +22,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
#include "common/defs.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_common.h"
-@@ -894,6 +895,9 @@ struct wpa_driver_associate_params {
+@@ -953,6 +954,9 @@ struct wpa_driver_associate_params {
* responsible for selecting with which BSS to associate. */
const u8 *bssid;
@@ -42,7 +42,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
#include "config.h"
-@@ -2345,6 +2346,97 @@ static char * wpa_config_write_peerkey(c
+@@ -2389,6 +2390,97 @@ static char * wpa_config_write_mac_value
#endif /* NO_CONFIG_WRITE */
@@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
/* Helper macros for network block parser */
#ifdef OFFSET
-@@ -2629,6 +2721,8 @@ static const struct parse_data ssid_fiel
+@@ -2674,6 +2766,8 @@ static const struct parse_data ssid_fiel
{ INT(ap_max_inactivity) },
{ INT(dtim_period) },
{ INT(beacon_int) },
@@ -162,7 +162,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
-@@ -846,6 +848,9 @@ struct wpa_ssid {
+@@ -879,6 +881,9 @@ struct wpa_ssid {
*/
void *parent_cred;
@@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* macsec_policy - Determines the policy for MACsec secure session
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3899,6 +3899,12 @@ static void wpas_start_assoc_cb(struct w
+@@ -4203,6 +4203,12 @@ static void wpas_start_assoc_cb(struct w
params.beacon_int = ssid->beacon_int;
else
params.beacon_int = wpa_s->conf->beacon_int;
diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
deleted file mode 100644
index 65d67b8b0..000000000
--- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From ffc4445958a3ed4064f2e1bf73fa478a61c5cf7b Mon Sep 17 00:00:00 2001
-From: Antonio Quartulli <ordex@autistici.org>
-Date: Sun, 3 Jun 2012 18:42:25 +0200
-Subject: [PATCHv2 602/602] driver_nl80211: use new parameters during ibss join
-
-Signed-hostap: Antonio Quartulli <ordex@autistici.org>
----
- src/drivers/driver_nl80211.c | 33 ++++++++++++++++++++++++++++++++-
- 1 file changed, 32 insertions(+), 1 deletion(-)
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -6005,7 +6005,7 @@ static int wpa_driver_nl80211_ibss(struc
- struct wpa_driver_associate_params *params)
- {
- struct nl_msg *msg;
-- int ret = -1;
-+ int ret = -1, i;
- int count = 0;
-
- wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
-@@ -6032,6 +6032,37 @@ retry:
- nl80211_put_beacon_int(msg, params->beacon_int))
- goto fail;
-
-+ if (params->fixed_freq) {
-+ wpa_printf(MSG_DEBUG, " * fixed_freq");
-+ nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED);
-+ }
-+
-+ if (params->beacon_int > 0) {
-+ wpa_printf(MSG_DEBUG, " * beacon_int=%d",
-+ params->beacon_int);
-+ nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
-+ params->beacon_int);
-+ }
-+
-+ if (params->rates[0] > 0) {
-+ wpa_printf(MSG_DEBUG, " * basic_rates:");
-+ i = 0;
-+ while (i < NL80211_MAX_SUPP_RATES &&
-+ params->rates[i] > 0) {
-+ wpa_printf(MSG_DEBUG, " %.1f",
-+ (double)params->rates[i] / 2);
-+ i++;
-+ }
-+ nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, i,
-+ params->rates);
-+ }
-+
-+ if (params->mcast_rate > 0) {
-+ wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f",
-+ (double)params->mcast_rate / 10);
-+ nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
-+ }
-+
- ret = nl80211_set_conn_keys(params, msg);
- if (ret)
- goto fail;
diff --git a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
index 5dc19fede..be9e0507d 100644
--- a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
+++ b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
@@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -1661,6 +1661,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1827,6 +1827,7 @@ struct wpa_driver_mesh_join_params {
#define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
unsigned int flags;
bool handle_dfs;
@@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
struct wpa_driver_set_key_params {
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -10627,6 +10627,18 @@ static int nl80211_put_mesh_id(struct nl
+@@ -11626,6 +11626,18 @@ static int nl80211_put_mesh_id(struct nl
}
@@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
static int nl80211_put_mesh_config(struct nl_msg *msg,
struct wpa_driver_mesh_bss_params *params)
{
-@@ -10688,6 +10700,7 @@ static int nl80211_join_mesh(struct i802
+@@ -11687,6 +11699,7 @@ static int nl80211_join_mesh(struct i802
nl80211_put_basic_rates(msg, params->basic_rates) ||
nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
nl80211_put_beacon_int(msg, params->beacon_int) ||
diff --git a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
index 48086ea0e..c7e8cf25c 100644
--- a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
+++ b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
@@ -1,19 +1,13 @@
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2539,11 +2539,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
- for (j = 0; j < wpa_s->last_scan_res_used; j++) {
- struct wpa_bss *bss = wpa_s->last_scan_res[j];
+@@ -3094,6 +3094,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
-- if (ssid->mode != WPAS_MODE_IBSS)
-+ /* Don't adjust control freq in case of fixed_freq */
-+ if (ssid->fixed_freq) {
-+ obss_scan = 0;
- break;
-+ }
+ freq->freq = ssid->frequency;
-- /* Don't adjust control freq in case of fixed_freq */
-- if (ssid->fixed_freq)
-+ if (ssid->mode != WPAS_MODE_IBSS)
- break;
++ if (ssid->fixed_freq) {
++ obss_scan = 0;
++ }
++
+ if (ssid->mode == WPAS_MODE_IBSS && !ssid->fixed_freq) {
+ struct wpa_bss *bss = ibss_find_existing_bss(wpa_s, ssid);
- if (!bss_is_ibss(bss))
diff --git a/package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch b/package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch
index 6810b797c..7d3d94648 100644
--- a/package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch
+++ b/package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch
@@ -13,7 +13,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3489,6 +3489,8 @@ static int hostapd_config_fill(struct ho
+@@ -3500,6 +3500,8 @@ static int hostapd_config_fill(struct ho
} else if (os_strcmp(buf, "he_bss_color") == 0) {
conf->he_op.he_bss_color = atoi(pos) & 0x3f;
conf->he_op.he_bss_color_disabled = 0;
diff --git a/package/network/services/hostapd/patches/470-survey_data_fallback.patch b/package/network/services/hostapd/patches/470-survey_data_fallback.patch
index 359b5f3ef..79ab48c5c 100644
--- a/package/network/services/hostapd/patches/470-survey_data_fallback.patch
+++ b/package/network/services/hostapd/patches/470-survey_data_fallback.patch
@@ -1,24 +1,29 @@
--- a/src/ap/acs.c
+++ b/src/ap/acs.c
-@@ -420,20 +420,19 @@ static int acs_usable_bw160_chan(const s
+@@ -455,17 +455,17 @@ static int acs_get_bw_center_chan(int fr
static int acs_survey_is_sufficient(struct freq_survey *survey)
{
if (!(survey->filled & SURVEY_HAS_NF)) {
+ survey->nf = -95;
- wpa_printf(MSG_INFO, "ACS: Survey is missing noise floor");
+ wpa_printf(MSG_INFO,
+ "ACS: Survey for freq %d is missing noise floor",
+ survey->freq);
- return 0;
}
if (!(survey->filled & SURVEY_HAS_CHAN_TIME)) {
+ survey->channel_time = 0;
- wpa_printf(MSG_INFO, "ACS: Survey is missing channel time");
+ wpa_printf(MSG_INFO,
+ "ACS: Survey for freq %d is missing channel time",
+ survey->freq);
- return 0;
}
if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
- !(survey->filled & SURVEY_HAS_CHAN_TIME_RX)) {
+@@ -473,7 +473,6 @@ static int acs_survey_is_sufficient(stru
wpa_printf(MSG_INFO,
- "ACS: Survey is missing RX and busy time (at least one is required)");
+ "ACS: Survey for freq %d is missing RX and busy time (at least one is required)",
+ survey->freq);
- return 0;
}
diff --git a/package/network/services/hostapd/patches/500-lto-jobserver-support.patch b/package/network/services/hostapd/patches/500-lto-jobserver-support.patch
index 1a0ce1256..046da42ab 100644
--- a/package/network/services/hostapd/patches/500-lto-jobserver-support.patch
+++ b/package/network/services/hostapd/patches/500-lto-jobserver-support.patch
@@ -1,6 +1,6 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -1394,7 +1394,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
+@@ -1396,7 +1396,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
@$(AR) cr $@ hostapd_multi.o $(OBJS)
hostapd: $(OBJS)
@@ -9,7 +9,7 @@
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
-@@ -1405,7 +1405,7 @@ _OBJS_VAR := OBJS_c
+@@ -1407,7 +1407,7 @@ _OBJS_VAR := OBJS_c
include ../src/objs.mk
hostapd_cli: $(OBJS_c)
@@ -20,7 +20,7 @@
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -2025,31 +2025,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
+@@ -2039,31 +2039,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
diff --git a/package/network/services/hostapd/patches/590-rrm-wnm-statistics.patch b/package/network/services/hostapd/patches/590-rrm-wnm-statistics.patch
index 98b8820cd..0efa6db90 100644
--- a/package/network/services/hostapd/patches/590-rrm-wnm-statistics.patch
+++ b/package/network/services/hostapd/patches/590-rrm-wnm-statistics.patch
@@ -1,6 +1,6 @@
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
-@@ -162,6 +162,21 @@ struct hostapd_sae_commit_queue {
+@@ -163,6 +163,21 @@ struct hostapd_sae_commit_queue {
};
/**
@@ -22,9 +22,9 @@
* struct hostapd_data - hostapd per-BSS data structure
*/
struct hostapd_data {
-@@ -175,6 +190,9 @@ struct hostapd_data {
+@@ -182,6 +197,9 @@ struct hostapd_data {
- u8 own_addr[ETH_ALEN];
+ struct hostapd_data *mld_first_bss;
+ /* OpenWrt specific statistics */
+ struct hostapd_openwrt_stats openwrt_stats;
@@ -42,9 +42,9 @@
wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
"validity_interval=%u",
-@@ -659,10 +660,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
-
- switch (action) {
+@@ -790,10 +791,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
+ plen);
+ return 0;
case WNM_BSS_TRANS_MGMT_QUERY:
+ hapd->openwrt_stats.wnm.bss_transition_query_rx++;
ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload,
@@ -55,7 +55,7 @@
ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
plen);
return 0;
-@@ -709,6 +712,7 @@ int wnm_send_disassoc_imminent(struct ho
+@@ -840,6 +843,7 @@ int wnm_send_disassoc_imminent(struct ho
pos = mgmt->u.action.u.bss_tm_req.variable;
@@ -63,7 +63,7 @@
wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
MACSTR, disassoc_timer, MAC2STR(sta->addr));
if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
-@@ -790,6 +794,7 @@ int wnm_send_ess_disassoc_imminent(struc
+@@ -921,6 +925,7 @@ int wnm_send_ess_disassoc_imminent(struc
return -1;
}
@@ -71,7 +71,7 @@
if (disassoc_timer) {
/* send disassociation frame after time-out */
set_disassoc_timer(hapd, sta, disassoc_timer);
-@@ -870,6 +875,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
+@@ -1001,6 +1006,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
}
os_free(buf);
diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index 521e7df82..f3936342a 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -31,7 +31,7 @@
};
enum hostapd_chan_status {
-@@ -183,6 +184,7 @@ struct hostapd_data {
+@@ -184,6 +185,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
@@ -39,7 +39,7 @@
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -673,6 +675,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -695,6 +697,7 @@ hostapd_alloc_bss_data(struct hostapd_if
struct hostapd_bss_config *bss);
int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
@@ -49,7 +49,7 @@
struct hostapd_iface * hostapd_alloc_iface(void);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -401,6 +401,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -455,6 +455,7 @@ void hostapd_free_hapd_data(struct hosta
hapd->beacon_set_done = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
@@ -57,7 +57,7 @@
accounting_deinit(hapd);
hostapd_deinit_wpa(hapd);
vlan_deinit(hapd);
-@@ -1431,6 +1432,8 @@ static int hostapd_setup_bss(struct host
+@@ -1207,6 +1208,8 @@ static int hostapd_start_beacon(struct h
if (hapd->driver && hapd->driver->set_operstate)
hapd->driver->set_operstate(hapd->drv_priv, 1);
@@ -66,7 +66,7 @@
return 0;
}
-@@ -2050,6 +2053,7 @@ static int hostapd_setup_interface_compl
+@@ -2295,6 +2298,7 @@ static int hostapd_setup_interface_compl
if (err)
goto fail;
@@ -74,15 +74,15 @@
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->freq) {
#ifdef NEED_AP_MLME
-@@ -2248,6 +2252,7 @@ dfs_offload:
+@@ -2514,6 +2518,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
+ hostapd_ubus_free_iface(iface);
- hostapd_set_state(iface, HAPD_IFACE_DISABLED);
- wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
- #ifdef CONFIG_FST
-@@ -2723,6 +2728,7 @@ void hostapd_interface_deinit_free(struc
+
+ if (iface->is_no_ir) {
+ hostapd_set_state(iface, HAPD_IFACE_NO_IR);
+@@ -3004,6 +3009,7 @@ void hostapd_interface_deinit_free(struc
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
@@ -92,7 +92,7 @@
__func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -3573,13 +3573,18 @@ static void handle_auth(struct hostapd_d
+@@ -2778,7 +2778,7 @@ static void handle_auth(struct hostapd_d
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
@@ -101,9 +101,10 @@
u16 fc;
const u8 *challenge = NULL;
u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
- size_t resp_ies_len = 0;
- u16 seq_ctrl;
+@@ -2787,6 +2787,11 @@ static void handle_auth(struct hostapd_d
struct radius_sta rad_info;
+ const u8 *dst, *sa, *bssid;
+ bool mld_sta = false;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_AUTH_REQ,
+ .mgmt_frame = mgmt,
@@ -112,7 +113,7 @@
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -3747,6 +3752,13 @@ static void handle_auth(struct hostapd_d
+@@ -2978,6 +2983,13 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
@@ -126,7 +127,7 @@
if (res == HOSTAPD_ACL_PENDING)
return;
-@@ -5488,7 +5500,7 @@ static void handle_assoc(struct hostapd_
+@@ -5141,7 +5153,7 @@ static void handle_assoc(struct hostapd_
int resp = WLAN_STATUS_SUCCESS;
u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
const u8 *pos;
@@ -135,7 +136,7 @@
struct sta_info *sta;
u8 *tmp = NULL;
#ifdef CONFIG_FILS
-@@ -5701,6 +5713,11 @@ static void handle_assoc(struct hostapd_
+@@ -5354,6 +5366,11 @@ static void handle_assoc(struct hostapd_
left = res;
}
#endif /* CONFIG_FILS */
@@ -147,7 +148,7 @@
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
* is used */
-@@ -5799,6 +5816,13 @@ static void handle_assoc(struct hostapd_
+@@ -5452,6 +5469,13 @@ static void handle_assoc(struct hostapd_
}
#endif /* CONFIG_FILS */
@@ -161,26 +162,26 @@
fail:
/*
-@@ -5892,6 +5916,7 @@ static void handle_disassoc(struct hosta
- wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
- MAC2STR(mgmt->sa),
- le_to_host16(mgmt->u.disassoc.reason_code));
+@@ -5733,6 +5757,7 @@ static void handle_disassoc(struct hosta
+ (unsigned long) len);
+ return;
+ }
+ hostapd_ubus_notify(hapd, "disassoc", mgmt->sa);
sta = ap_get_sta(hapd, mgmt->sa);
- if (sta == NULL) {
-@@ -5961,6 +5986,8 @@ static void handle_deauth(struct hostapd
+ if (!sta) {
+@@ -5764,6 +5789,8 @@ static void handle_deauth(struct hostapd
/* Clear the PTKSA cache entries for PASN */
ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
+ hostapd_ubus_notify(hapd, "deauth", mgmt->sa);
+
sta = ap_get_sta(hapd, mgmt->sa);
- if (sta == NULL) {
- wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
+ if (!sta) {
+ wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -919,6 +919,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1036,6 +1036,12 @@ void handle_probe_req(struct hostapd_dat
u16 csa_offs[2];
size_t csa_offs_len;
struct radius_sta rad_info;
@@ -193,7 +194,7 @@
if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
ssi_signal < hapd->iconf->rssi_ignore_probe_request)
-@@ -1105,6 +1111,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1222,6 +1228,12 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
@@ -234,7 +235,7 @@
wpabuf_free(sta->p2p_ie);
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
-@@ -460,6 +460,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -471,6 +471,7 @@ void ap_handle_timer(void *eloop_ctx, vo
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
@@ -242,7 +243,7 @@
ap_free_sta(hapd, sta);
return;
}
-@@ -615,6 +616,7 @@ skip_poll:
+@@ -626,6 +627,7 @@ skip_poll:
mlme_deauthenticate_indication(
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
@@ -250,7 +251,7 @@
ap_free_sta(hapd, sta);
break;
}
-@@ -1298,12 +1300,25 @@ void ap_sta_set_authorized(struct hostap
+@@ -1344,15 +1346,28 @@ void ap_sta_set_authorized(struct hostap
sta->addr, authorized, dev_addr);
if (authorized) {
@@ -265,18 +266,21 @@
+ [WLAN_AUTH_PASN] = "pasn",
+ };
+ const char *auth_alg = NULL;
+ const u8 *dpp_pkhash;
const char *keyid;
+ char dpp_pkhash_buf[100];
char keyid_buf[100];
char ip_addr[100];
+ char alg_buf[100];
+ dpp_pkhash_buf[0] = '\0';
keyid_buf[0] = '\0';
ip_addr[0] = '\0';
+ alg_buf[0] = '\0';
#ifdef CONFIG_P2P
if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
os_snprintf(ip_addr, sizeof(ip_addr),
-@@ -1313,22 +1328,31 @@ void ap_sta_set_authorized(struct hostap
+@@ -1362,6 +1377,13 @@ void ap_sta_set_authorized(struct hostap
}
#endif /* CONFIG_P2P */
@@ -285,27 +289,29 @@
+
+ if (auth_alg)
+ os_snprintf(alg_buf, sizeof(alg_buf),
-+ " auth_alg=%s", auth_alg);
++ " auth_alg=%s", auth_alg);
+
keyid = ap_sta_wpa_get_keyid(hapd, sta);
if (keyid) {
os_snprintf(keyid_buf, sizeof(keyid_buf),
- " keyid=%s", keyid);
+@@ -1380,17 +1402,19 @@ void ap_sta_set_authorized(struct hostap
+ dpp_pkhash, SHA256_MAC_LEN);
}
-- wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
-- buf, ip_addr, keyid_buf);
+- wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
+- buf, ip_addr, keyid_buf, dpp_pkhash_buf);
+ hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
-+ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
-+ buf, ip_addr, keyid_buf, alg_buf);
++ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
++ buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
-- AP_STA_CONNECTED "%s%s%s",
-- buf, ip_addr, keyid_buf);
-+ AP_STA_CONNECTED "%s%s%s%s",
-+ buf, ip_addr, keyid_buf, alg_buf);
+- AP_STA_CONNECTED "%s%s%s%s",
++ AP_STA_CONNECTED "%s%s%s%s%s",
+ buf, ip_addr, keyid_buf,
+- dpp_pkhash_buf);
++ dpp_pkhash_buf, alg_buf);
} else {
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
+ hostapd_ubus_notify(hapd, "disassoc", sta->addr);
@@ -314,7 +320,7 @@
hapd->msg_ctx_parent != hapd->msg_ctx)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
-@@ -268,6 +268,7 @@ static void hostapd_wpa_auth_psk_failure
+@@ -269,6 +269,7 @@ static void hostapd_wpa_auth_psk_failure
struct hostapd_data *hapd = ctx;
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
MAC2STR(addr));
@@ -324,7 +330,7 @@
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -183,6 +183,12 @@ ifdef CONFIG_EAPOL_TEST
+@@ -194,6 +194,12 @@ ifdef CONFIG_EAPOL_TEST
CFLAGS += -Werror -DEAPOL_TEST
endif
@@ -337,7 +343,7 @@
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage
LIBS += -lgcov
-@@ -977,6 +983,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
+@@ -989,6 +995,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
CFLAGS += -DCONFIG_CTRL_IFACE_MIB
endif
OBJS += ../src/ap/ctrl_iface_ap.o
@@ -349,7 +355,7 @@
CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7285,6 +7285,8 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -7635,6 +7635,8 @@ struct wpa_supplicant * wpa_supplicant_a
}
#endif /* CONFIG_P2P */
@@ -358,7 +364,7 @@
return wpa_s;
}
-@@ -7311,6 +7313,8 @@ int wpa_supplicant_remove_iface(struct w
+@@ -7661,6 +7663,8 @@ int wpa_supplicant_remove_iface(struct w
struct wpa_supplicant *parent = wpa_s->parent;
#endif /* CONFIG_MESH */
@@ -367,7 +373,7 @@
/* Remove interface from the global list of interfaces */
prev = global->ifaces;
if (prev == wpa_s) {
-@@ -7614,8 +7618,12 @@ int wpa_supplicant_run(struct wpa_global
+@@ -8007,8 +8011,12 @@ int wpa_supplicant_run(struct wpa_global
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
@@ -382,15 +388,15 @@
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -20,6 +20,7 @@
- #include "wps/wps_defs.h"
+@@ -21,6 +21,7 @@
#include "config_ssid.h"
#include "wmm_ac.h"
+ #include "pasn/pasn_common.h"
+#include "ubus.h"
extern const char *const wpa_supplicant_version;
extern const char *const wpa_supplicant_license;
-@@ -323,6 +324,8 @@ struct wpa_global {
+@@ -324,6 +325,8 @@ struct wpa_global {
#endif /* CONFIG_WIFI_DISPLAY */
struct psk_list_entry *add_psk; /* From group formation */
@@ -399,7 +405,7 @@
};
-@@ -707,6 +710,7 @@ struct wpa_supplicant {
+@@ -655,6 +658,7 @@ struct wpa_supplicant {
unsigned char own_addr[ETH_ALEN];
unsigned char perm_addr[ETH_ALEN];
char ifname[100];
@@ -417,7 +423,7 @@
#ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
-@@ -391,6 +392,8 @@ static int wpa_supplicant_wps_cred(void
+@@ -402,6 +403,8 @@ static int wpa_supplicant_wps_cred(void
wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
cred->cred_attr, cred->cred_attr_len);
@@ -428,7 +434,7 @@
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -897,6 +897,7 @@ int main(int argc, char *argv[])
+@@ -991,6 +991,7 @@ int main(int argc, char *argv[])
}
hostapd_global_ctrl_iface_init(&interfaces);
@@ -436,7 +442,7 @@
if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
wpa_printf(MSG_ERROR, "Failed to start eloop");
-@@ -906,6 +907,7 @@ int main(int argc, char *argv[])
+@@ -1000,6 +1001,7 @@ int main(int argc, char *argv[])
ret = 0;
out:
@@ -527,7 +533,7 @@
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
-@@ -1203,6 +1203,8 @@ int hostapd_dfs_pre_cac_expired(struct h
+@@ -1211,6 +1211,8 @@ int hostapd_dfs_pre_cac_expired(struct h
"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
@@ -569,7 +575,7 @@
}
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
-@@ -328,6 +328,7 @@ struct sta_info {
+@@ -322,6 +322,7 @@ struct sta_info {
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_AIRTIME_POLICY
unsigned int airtime_weight;
diff --git a/package/network/services/hostapd/patches/700-wifi-reload.patch b/package/network/services/hostapd/patches/700-wifi-reload.patch
index 174127df6..0c7627645 100644
--- a/package/network/services/hostapd/patches/700-wifi-reload.patch
+++ b/package/network/services/hostapd/patches/700-wifi-reload.patch
@@ -1,6 +1,6 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -2416,6 +2416,8 @@ static int hostapd_config_fill(struct ho
+@@ -2420,6 +2420,8 @@ static int hostapd_config_fill(struct ho
bss->isolate = atoi(pos);
} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
bss->ap_max_inactivity = atoi(pos);
@@ -8,8 +8,8 @@
+ bss->config_id = os_strdup(pos);
} else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
bss->skip_inactivity_poll = atoi(pos);
- } else if (os_strcmp(buf, "country_code") == 0) {
-@@ -3121,6 +3123,8 @@ static int hostapd_config_fill(struct ho
+ } else if (os_strcmp(buf, "config_id") == 0) {
+@@ -3130,6 +3132,8 @@ static int hostapd_config_fill(struct ho
}
} else if (os_strcmp(buf, "acs_exclude_dfs") == 0) {
conf->acs_exclude_dfs = atoi(pos);
@@ -20,15 +20,7 @@
} else if (os_strcmp(buf, "channel") == 0) {
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
-@@ -796,6 +796,7 @@ void hostapd_config_free_bss(struct host
- os_free(conf->radius_req_attr_sqlite);
- os_free(conf->rsn_preauth_interfaces);
- os_free(conf->ctrl_interface);
-+ os_free(conf->config_id);
- os_free(conf->ca_cert);
- os_free(conf->server_cert);
- os_free(conf->server_cert2);
-@@ -995,6 +996,7 @@ void hostapd_config_free(struct hostapd_
+@@ -998,6 +998,7 @@ void hostapd_config_free(struct hostapd_
for (i = 0; i < conf->num_bss; i++)
hostapd_config_free_bss(conf->bss[i]);
@@ -38,16 +30,7 @@
os_free(conf->basic_rates);
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -285,6 +285,8 @@ struct hostapd_bss_config {
- char vlan_bridge[IFNAMSIZ + 1];
- char wds_bridge[IFNAMSIZ + 1];
-
-+ char *config_id;
-+
- enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
-
- unsigned int logger_syslog; /* module bitfield */
-@@ -969,6 +971,7 @@ struct eht_phy_capabilities_info {
+@@ -998,6 +998,7 @@ struct eht_phy_capabilities_info {
struct hostapd_config {
struct hostapd_bss_config **bss, *last_bss;
size_t num_bss;
@@ -57,7 +40,7 @@
int rts_threshold;
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -224,6 +224,10 @@ static int hostapd_iface_conf_changed(st
+@@ -255,6 +255,10 @@ static int hostapd_iface_conf_changed(st
{
size_t i;
@@ -68,7 +51,7 @@
if (newconf->num_bss != oldconf->num_bss)
return 1;
-@@ -237,7 +241,7 @@ static int hostapd_iface_conf_changed(st
+@@ -268,7 +272,7 @@ static int hostapd_iface_conf_changed(st
}
@@ -77,26 +60,17 @@
{
struct hapd_interfaces *interfaces = iface->interfaces;
struct hostapd_data *hapd = iface->bss[0];
-@@ -260,13 +264,16 @@ int hostapd_reload_config(struct hostapd
- if (newconf == NULL)
- return -1;
-
-- hostapd_clear_old(iface);
--
- oldconf = hapd->iconf;
- if (hostapd_iface_conf_changed(newconf, oldconf)) {
+@@ -296,6 +300,9 @@ int hostapd_reload_config(struct hostapd
char *fname;
int res;
+ if (reconf)
+ return -1;
+
-+ hostapd_clear_old(iface);
-+
+ hostapd_clear_old(iface);
+
wpa_printf(MSG_DEBUG,
- "Configuration changes include interface/BSS modification - force full disable+enable sequence");
- fname = os_strdup(iface->config_fname);
-@@ -291,6 +298,24 @@ int hostapd_reload_config(struct hostapd
+@@ -322,6 +329,24 @@ int hostapd_reload_config(struct hostapd
wpa_printf(MSG_ERROR,
"Failed to enable interface on config reload");
return res;
@@ -121,7 +95,7 @@
}
iface->conf = newconf;
-@@ -307,6 +332,12 @@ int hostapd_reload_config(struct hostapd
+@@ -338,6 +363,12 @@ int hostapd_reload_config(struct hostapd
for (j = 0; j < iface->num_bss; j++) {
hapd = iface->bss[j];
@@ -131,10 +105,10 @@
+ }
+ if (newconf->bss[j]->config_id)
+ hapd->config_id = strdup(newconf->bss[j]->config_id);
- hapd->iconf = newconf;
- hapd->conf = newconf->bss[j];
- hostapd_reload_bss(hapd);
-@@ -2420,6 +2451,10 @@ hostapd_alloc_bss_data(struct hostapd_if
+ if (!hapd->conf->config_id || !newconf->bss[j]->config_id ||
+ os_strcmp(hapd->conf->config_id,
+ newconf->bss[j]->config_id) != 0)
+@@ -2700,6 +2731,10 @@ hostapd_alloc_bss_data(struct hostapd_if
hapd->iconf = conf;
hapd->conf = bss;
hapd->iface = hapd_iface;
@@ -156,7 +130,7 @@
struct hostapd_config * (*config_read_cb)(const char *config_fname);
int (*ctrl_iface_init)(struct hostapd_data *hapd);
void (*ctrl_iface_deinit)(struct hostapd_data *hapd);
-@@ -185,6 +185,7 @@ struct hostapd_data {
+@@ -186,6 +186,7 @@ struct hostapd_data {
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
struct hostapd_ubus_bss ubus;
@@ -164,7 +138,7 @@
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -667,7 +668,7 @@ struct hostapd_iface {
+@@ -689,7 +690,7 @@ struct hostapd_iface {
int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
int (*cb)(struct hostapd_iface *iface,
void *ctx), void *ctx);
@@ -175,19 +149,19 @@
hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -4852,6 +4852,9 @@ static int wpa_driver_nl80211_set_ap(voi
+@@ -5322,6 +5322,9 @@ static int wpa_driver_nl80211_set_ap(voi
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
ret, strerror(-ret));
-+ if (!bss->beacon_set)
++ if (!bss->flink->beacon_set)
+ ret = 0;
-+ bss->beacon_set = 0;
++ bss->flink->beacon_set = 0;
} else {
- bss->beacon_set = 1;
+ link->beacon_set = 1;
nl80211_set_bss(bss, params->cts_protect, params->preamble,
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -186,7 +186,7 @@ static int hostapd_ctrl_iface_update(str
+@@ -187,7 +187,7 @@ static int hostapd_ctrl_iface_update(str
iface->interfaces->config_read_cb = hostapd_ctrl_iface_config_read;
reload_opts = txt;
@@ -198,7 +172,7 @@
}
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -317,7 +317,7 @@ static void handle_term(int sig, void *s
+@@ -410,7 +410,7 @@ static void handle_term(int sig, void *s
static int handle_reload_iface(struct hostapd_iface *iface, void *ctx)
{
diff --git a/package/network/services/hostapd/patches/710-vlan_no_bridge.patch b/package/network/services/hostapd/patches/710-vlan_no_bridge.patch
index b06ef8f68..61f33acb6 100644
--- a/package/network/services/hostapd/patches/710-vlan_no_bridge.patch
+++ b/package/network/services/hostapd/patches/710-vlan_no_bridge.patch
@@ -30,7 +30,7 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3346,6 +3346,8 @@ static int hostapd_config_fill(struct ho
+@@ -3355,6 +3355,8 @@ static int hostapd_config_fill(struct ho
#ifndef CONFIG_NO_VLAN
} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
bss->ssid.dynamic_vlan = atoi(pos);
diff --git a/package/network/services/hostapd/patches/711-wds_bridge_force.patch b/package/network/services/hostapd/patches/711-wds_bridge_force.patch
index 169807c61..c0f2c31c4 100644
--- a/package/network/services/hostapd/patches/711-wds_bridge_force.patch
+++ b/package/network/services/hostapd/patches/711-wds_bridge_force.patch
@@ -1,17 +1,17 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -2316,6 +2316,8 @@ static int hostapd_config_fill(struct ho
+@@ -2318,6 +2318,8 @@ static int hostapd_config_fill(struct ho
sizeof(conf->bss[0]->iface));
} else if (os_strcmp(buf, "bridge") == 0) {
os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
+ if (!bss->wds_bridge[0])
+ os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
+ } else if (os_strcmp(buf, "bridge_hairpin") == 0) {
+ bss->bridge_hairpin = atoi(pos);
} else if (os_strcmp(buf, "vlan_bridge") == 0) {
- os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
- } else if (os_strcmp(buf, "wds_bridge") == 0) {
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
-@@ -340,8 +340,6 @@ int hostapd_set_wds_sta(struct hostapd_d
+@@ -348,8 +348,6 @@ int hostapd_set_wds_sta(struct hostapd_d
return -1;
if (hapd->conf->wds_bridge[0])
bridge = hapd->conf->wds_bridge;
diff --git a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
index ed76d22dd..0bb00f955 100644
--- a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
+++ b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
@@ -1,6 +1,6 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -2841,6 +2841,14 @@ static int hostapd_config_fill(struct ho
+@@ -2850,6 +2850,14 @@ static int hostapd_config_fill(struct ho
line, bss->max_num_sta, MAX_STA_COUNT);
return 1;
}
@@ -17,7 +17,7 @@
} else if (os_strcmp(buf, "extended_key_id") == 0) {
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
-@@ -711,6 +711,7 @@ void hostapd_cleanup_cs_params(struct ho
+@@ -734,6 +734,7 @@ void hostapd_cleanup_cs_params(struct ho
void hostapd_periodic_iface(struct hostapd_iface *iface);
int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
@@ -27,7 +27,7 @@
void hostapd_cleanup_cca_params(struct hostapd_data *hapd);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -241,6 +241,30 @@ static int hostapd_iface_conf_changed(st
+@@ -272,6 +272,30 @@ static int hostapd_iface_conf_changed(st
}
@@ -60,7 +60,7 @@
struct hapd_interfaces *interfaces = iface->interfaces;
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -1135,7 +1135,7 @@ void handle_probe_req(struct hostapd_dat
+@@ -1252,7 +1252,7 @@ void handle_probe_req(struct hostapd_dat
if (hapd->conf->no_probe_resp_if_max_sta &&
is_multicast_ether_addr(mgmt->da) &&
is_multicast_ether_addr(mgmt->bssid) &&
@@ -71,7 +71,7 @@
" since no room for additional STA",
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -1010,6 +1010,8 @@ struct hostapd_config {
+@@ -1037,6 +1037,8 @@ struct hostapd_config {
unsigned int track_sta_max_num;
unsigned int track_sta_max_age;
diff --git a/package/network/services/hostapd/patches/730-ft_iface.patch b/package/network/services/hostapd/patches/730-ft_iface.patch
index d9a4f15f0..563fe5b5f 100644
--- a/package/network/services/hostapd/patches/730-ft_iface.patch
+++ b/package/network/services/hostapd/patches/730-ft_iface.patch
@@ -1,6 +1,6 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3000,6 +3000,8 @@ static int hostapd_config_fill(struct ho
+@@ -3009,6 +3009,8 @@ static int hostapd_config_fill(struct ho
wpa_printf(MSG_INFO,
"Line %d: Obsolete peerkey parameter ignored", line);
#ifdef CONFIG_IEEE80211R_AP
@@ -18,10 +18,10 @@
+ char ft_iface[IFNAMSIZ + 1];
char vlan_bridge[IFNAMSIZ + 1];
char wds_bridge[IFNAMSIZ + 1];
-
+ int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
-@@ -1595,8 +1595,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1727,8 +1727,12 @@ int hostapd_setup_wpa(struct hostapd_dat
wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
const char *ft_iface;
diff --git a/package/network/services/hostapd/patches/740-snoop_iface.patch b/package/network/services/hostapd/patches/740-snoop_iface.patch
index 608f15a25..6b6cc0fad 100644
--- a/package/network/services/hostapd/patches/740-snoop_iface.patch
+++ b/package/network/services/hostapd/patches/740-snoop_iface.patch
@@ -7,7 +7,7 @@
+ char snoop_iface[IFNAMSIZ + 1];
char vlan_bridge[IFNAMSIZ + 1];
char wds_bridge[IFNAMSIZ + 1];
-
+ int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/x_snoop.c
+++ b/src/ap/x_snoop.c
@@ -33,14 +33,16 @@ int x_snoop_init(struct hostapd_data *ha
@@ -55,10 +55,10 @@
"x_snoop: Failed to initialize L2 packet processing %s",
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -2318,6 +2318,8 @@ static int hostapd_config_fill(struct ho
- os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
- if (!bss->wds_bridge[0])
+@@ -2322,6 +2322,8 @@ static int hostapd_config_fill(struct ho
os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
+ } else if (os_strcmp(buf, "bridge_hairpin") == 0) {
+ bss->bridge_hairpin = atoi(pos);
+ } else if (os_strcmp(buf, "snoop_iface") == 0) {
+ os_strlcpy(bss->snoop_iface, pos, sizeof(bss->snoop_iface));
} else if (os_strcmp(buf, "vlan_bridge") == 0) {
diff --git a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch
index 479d56155..124f5ea6b 100644
--- a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch
+++ b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch
@@ -1,6 +1,6 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -1602,6 +1602,8 @@ static int parse_anqp_elem(struct hostap
+@@ -1604,6 +1604,8 @@ static int parse_anqp_elem(struct hostap
return 0;
}
@@ -9,7 +9,7 @@
static int parse_qos_map_set(struct hostapd_bss_config *bss,
char *buf, int line)
-@@ -1643,8 +1645,6 @@ static int parse_qos_map_set(struct host
+@@ -1645,8 +1647,6 @@ static int parse_qos_map_set(struct host
return 0;
}
@@ -18,7 +18,7 @@
#ifdef CONFIG_HS20
static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
-@@ -4046,10 +4046,10 @@ static int hostapd_config_fill(struct ho
+@@ -4066,10 +4066,10 @@ static int hostapd_config_fill(struct ho
bss->gas_frag_limit = val;
} else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
bss->gas_comeback_delay = atoi(pos);
@@ -32,7 +32,7 @@
os_free(bss->dump_msk_file);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -1424,6 +1424,7 @@ static int hostapd_setup_bss(struct host
+@@ -1534,6 +1534,7 @@ static int hostapd_setup_bss(struct host
wpa_printf(MSG_ERROR, "GAS server initialization failed");
return -1;
}
@@ -40,7 +40,7 @@
if (conf->qos_map_set_len &&
hostapd_drv_set_qos_map(hapd, conf->qos_map_set,
-@@ -1431,7 +1432,6 @@ static int hostapd_setup_bss(struct host
+@@ -1541,7 +1542,6 @@ static int hostapd_setup_bss(struct host
wpa_printf(MSG_ERROR, "Failed to initialize QoS Map");
return -1;
}
@@ -50,7 +50,7 @@
wpa_printf(MSG_ERROR, "BSS Load initialization failed");
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
-@@ -2586,8 +2586,6 @@ void wnm_bss_keep_alive_deinit(struct wp
+@@ -2683,8 +2683,6 @@ void wnm_bss_keep_alive_deinit(struct wp
}
@@ -59,16 +59,16 @@
static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
size_t len)
{
-@@ -2620,8 +2618,6 @@ static void interworking_process_assoc_r
+@@ -2717,8 +2715,6 @@ static void interworking_process_assoc_r
}
}
-#endif /* CONFIG_INTERWORKING */
-
- static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
- const u8 *ies, size_t ies_len)
-@@ -2954,10 +2950,8 @@ static int wpa_supplicant_event_associnf
+ static void wpa_supplicant_set_4addr_mode(struct wpa_supplicant *wpa_s)
+ {
+@@ -3098,10 +3094,8 @@ static int wpa_supplicant_event_associnf
wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
#endif /* CONFIG_WNM */
@@ -81,7 +81,7 @@
data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
-@@ -1100,13 +1100,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
+@@ -1116,13 +1116,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *ext_capab_ie, size_t ext_capab_ie_len)
{
diff --git a/package/network/services/hostapd/patches/751-qos_map_ignore_when_unsupported.patch b/package/network/services/hostapd/patches/751-qos_map_ignore_when_unsupported.patch
index d90a27523..f5ebab70d 100644
--- a/package/network/services/hostapd/patches/751-qos_map_ignore_when_unsupported.patch
+++ b/package/network/services/hostapd/patches/751-qos_map_ignore_when_unsupported.patch
@@ -1,6 +1,6 @@
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
-@@ -864,7 +864,8 @@ int hostapd_start_dfs_cac(struct hostapd
+@@ -927,7 +927,8 @@ int hostapd_start_dfs_cac(struct hostapd
int hostapd_drv_set_qos_map(struct hostapd_data *hapd,
const u8 *qos_map_set, u8 qos_map_set_len)
{
diff --git a/package/network/services/hostapd/patches/760-dynamic_own_ip.patch b/package/network/services/hostapd/patches/760-dynamic_own_ip.patch
index 3d2b59e8c..946b4533b 100644
--- a/package/network/services/hostapd/patches/760-dynamic_own_ip.patch
+++ b/package/network/services/hostapd/patches/760-dynamic_own_ip.patch
@@ -1,6 +1,6 @@
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -311,6 +311,7 @@ struct hostapd_bss_config {
+@@ -310,6 +310,7 @@ struct hostapd_bss_config {
unsigned int eap_sim_db_timeout;
int eap_server_erp; /* Whether ERP is enabled on internal EAP server */
struct hostapd_ip_addr own_ip_addr;
@@ -85,7 +85,7 @@
RadiusType msg_type, const u8 *addr);
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
-@@ -535,6 +535,10 @@ int add_common_radius_attr(struct hostap
+@@ -598,6 +598,10 @@ int add_common_radius_attr(struct hostap
struct hostapd_radius_attr *attr;
int len;
@@ -98,7 +98,7 @@
hapd->conf->own_ip_addr.af == AF_INET &&
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -2681,6 +2681,8 @@ static int hostapd_config_fill(struct ho
+@@ -2690,6 +2690,8 @@ static int hostapd_config_fill(struct ho
} else if (os_strcmp(buf, "iapp_interface") == 0) {
wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
#endif /* CONFIG_IAPP */
diff --git a/package/network/services/hostapd/patches/761-shared_das_port.patch b/package/network/services/hostapd/patches/761-shared_das_port.patch
index 7516b7349..dad7afddf 100644
--- a/package/network/services/hostapd/patches/761-shared_das_port.patch
+++ b/package/network/services/hostapd/patches/761-shared_das_port.patch
@@ -10,14 +10,14 @@
unsigned int time_window;
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -1367,6 +1367,7 @@ static int hostapd_setup_bss(struct host
- struct radius_das_conf das_conf;
- os_memset(&das_conf, 0, sizeof(das_conf));
- das_conf.port = conf->radius_das_port;
-+ das_conf.nas_identifier = conf->nas_identifier;
- das_conf.shared_secret = conf->radius_das_shared_secret;
- das_conf.shared_secret_len =
- conf->radius_das_shared_secret_len;
+@@ -1471,6 +1471,7 @@ static int hostapd_setup_bss(struct host
+
+ os_memset(&das_conf, 0, sizeof(das_conf));
+ das_conf.port = conf->radius_das_port;
++ das_conf.nas_identifier = conf->nas_identifier;
+ das_conf.shared_secret = conf->radius_das_shared_secret;
+ das_conf.shared_secret_len =
+ conf->radius_das_shared_secret_len;
--- a/src/radius/radius_das.c
+++ b/src/radius/radius_das.c
@@ -12,13 +12,26 @@
diff --git a/package/network/services/hostapd/patches/770-radius_server.patch b/package/network/services/hostapd/patches/770-radius_server.patch
new file mode 100644
index 000000000..3f0f40c0f
--- /dev/null
+++ b/package/network/services/hostapd/patches/770-radius_server.patch
@@ -0,0 +1,154 @@
+--- a/hostapd/Makefile
++++ b/hostapd/Makefile
+@@ -63,6 +63,10 @@ endif
+ OBJS += main.o
+ OBJS += config_file.o
+
++ifdef CONFIG_RADIUS_SERVER
++OBJS += radius.o
++endif
++
+ OBJS += ../src/ap/hostapd.o
+ OBJS += ../src/ap/wpa_auth_glue.o
+ OBJS += ../src/ap/drv_callbacks.o
+--- a/hostapd/main.c
++++ b/hostapd/main.c
+@@ -42,6 +42,7 @@ static struct hapd_global global;
+ static int daemonize = 0;
+ static char *pid_file = NULL;
+
++extern int radius_main(int argc, char **argv);
+
+ #ifndef CONFIG_NO_HOSTAPD_LOGGER
+ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
+@@ -665,6 +666,11 @@ int main(int argc, char *argv[])
+ if (os_program_init())
+ return -1;
+
++#ifdef RADIUS_SERVER
++ if (strstr(argv[0], "radius"))
++ return radius_main(argc, argv);
++#endif
++
+ os_memset(&interfaces, 0, sizeof(interfaces));
+ interfaces.reload_config = hostapd_reload_config;
+ interfaces.config_read_cb = hostapd_config_read;
+--- a/src/radius/radius_server.c
++++ b/src/radius/radius_server.c
+@@ -63,6 +63,12 @@ struct radius_server_counters {
+ u32 unknown_acct_types;
+ };
+
++struct radius_accept_attr {
++ u8 type;
++ u16 len;
++ void *data;
++};
++
+ /**
+ * struct radius_session - Internal RADIUS server data for a session
+ */
+@@ -90,7 +96,7 @@ struct radius_session {
+ unsigned int macacl:1;
+ unsigned int t_c_filtering:1;
+
+- struct hostapd_radius_attr *accept_attr;
++ struct radius_accept_attr *accept_attr;
+
+ u32 t_c_timestamp; /* Last read T&C timestamp from user DB */
+ };
+@@ -394,6 +400,7 @@ static void radius_server_session_free(s
+ radius_msg_free(sess->last_reply);
+ os_free(sess->username);
+ os_free(sess->nas_ip);
++ os_free(sess->accept_attr);
+ os_free(sess);
+ data->num_sess--;
+ }
+@@ -554,6 +561,36 @@ radius_server_erp_find_key(struct radius
+ }
+ #endif /* CONFIG_ERP */
+
++static struct radius_accept_attr *
++radius_server_copy_attr(const struct hostapd_radius_attr *data)
++{
++ const struct hostapd_radius_attr *attr;
++ struct radius_accept_attr *attr_new;
++ size_t data_size = 0;
++ void *data_buf;
++ int n_attr = 1;
++
++ for (attr = data; attr; attr = attr->next) {
++ n_attr++;
++ data_size += wpabuf_len(attr->val);
++ }
++
++ attr_new = os_zalloc(n_attr * sizeof(*attr) + data_size);
++ if (!attr_new)
++ return NULL;
++
++ data_buf = &attr_new[n_attr];
++ for (n_attr = 0, attr = data; attr; attr = attr->next) {
++ struct radius_accept_attr *cur = &attr_new[n_attr++];
++
++ cur->type = attr->type;
++ cur->len = wpabuf_len(attr->val);
++ cur->data = memcpy(data_buf, wpabuf_head(attr->val), cur->len);
++ data_buf += cur->len;
++ }
++
++ return attr_new;
++}
+
+ static struct radius_session *
+ radius_server_get_new_session(struct radius_server_data *data,
+@@ -607,7 +644,7 @@ radius_server_get_new_session(struct rad
+ eap_user_free(tmp);
+ return NULL;
+ }
+- sess->accept_attr = tmp->accept_attr;
++ sess->accept_attr = radius_server_copy_attr(tmp->accept_attr);
+ sess->macacl = tmp->macacl;
+ eap_user_free(tmp);
+
+@@ -1118,11 +1155,10 @@ radius_server_encapsulate_eap(struct rad
+ }
+
+ if (code == RADIUS_CODE_ACCESS_ACCEPT) {
+- struct hostapd_radius_attr *attr;
+- for (attr = sess->accept_attr; attr; attr = attr->next) {
+- if (!radius_msg_add_attr(msg, attr->type,
+- wpabuf_head(attr->val),
+- wpabuf_len(attr->val))) {
++ struct radius_accept_attr *attr;
++ for (attr = sess->accept_attr; attr->data; attr++) {
++ if (!radius_msg_add_attr(msg, attr->type, attr->data,
++ attr->len)) {
+ wpa_printf(MSG_ERROR, "Could not add RADIUS attribute");
+ radius_msg_free(msg);
+ return NULL;
+@@ -1211,11 +1247,10 @@ radius_server_macacl(struct radius_serve
+ }
+
+ if (code == RADIUS_CODE_ACCESS_ACCEPT) {
+- struct hostapd_radius_attr *attr;
+- for (attr = sess->accept_attr; attr; attr = attr->next) {
+- if (!radius_msg_add_attr(msg, attr->type,
+- wpabuf_head(attr->val),
+- wpabuf_len(attr->val))) {
++ struct radius_accept_attr *attr;
++ for (attr = sess->accept_attr; attr->data; attr++) {
++ if (!radius_msg_add_attr(msg, attr->type, attr->data,
++ attr->len)) {
+ wpa_printf(MSG_ERROR, "Could not add RADIUS attribute");
+ radius_msg_free(msg);
+ return NULL;
+@@ -2512,7 +2547,7 @@ static int radius_server_get_eap_user(vo
+ ret = data->get_eap_user(data->conf_ctx, identity, identity_len,
+ phase2, user);
+ if (ret == 0 && user) {
+- sess->accept_attr = user->accept_attr;
++ sess->accept_attr = radius_server_copy_attr(user->accept_attr);
+ sess->remediation = user->remediation;
+ sess->macacl = user->macacl;
+ sess->t_c_timestamp = user->t_c_timestamp;
diff --git a/package/network/services/hostapd/patches/800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch b/package/network/services/hostapd/patches/800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
deleted file mode 100644
index 1d9e9564e..000000000
--- a/package/network/services/hostapd/patches/800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 37528a5205cb0b9e2238b7d97fb2ff5457448f1c Mon Sep 17 00:00:00 2001
-From: David Bauer <mail@david-bauer.net>
-Date: Thu, 8 Sep 2022 01:45:41 +0200
-Subject: [PATCH] acs: don't select indoor channel on outdoor operation
-
-Don't select channels designated for exclusive-indoor use when the
-country3 element is set on outdoor operation.
-
-Signed-off-by: David Bauer <mail@david-bauer.net>
----
- src/ap/acs.c | 9 +++++++++
- src/ap/dfs.c | 3 +++
- 2 files changed, 12 insertions(+)
-
---- a/src/ap/acs.c
-+++ b/src/ap/acs.c
-@@ -552,6 +552,9 @@ static void acs_survey_mode_interference
- if (chan->max_tx_power < iface->conf->min_tx_power)
- continue;
-
-+ if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+ continue;
-+
- wpa_printf(MSG_DEBUG, "ACS: Survey analysis for channel %d (%d MHz)",
- chan->chan, chan->freq);
-
-@@ -686,6 +689,9 @@ acs_find_ideal_chan_mode(struct hostapd_
- if (chan->max_tx_power < iface->conf->min_tx_power)
- continue;
-
-+ if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+ continue;
-+
- if (!chan_bw_allowed(chan, bw, 1, 1)) {
- wpa_printf(MSG_DEBUG,
- "ACS: Channel %d: BW %u is not supported",
-@@ -1067,6 +1073,9 @@ static int * acs_request_scan_add_freqs(
- if (chan->max_tx_power < iface->conf->min_tx_power)
- continue;
-
-+ if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+ continue;
-+
- *freq++ = chan->freq;
- }
-
---- a/src/ap/dfs.c
-+++ b/src/ap/dfs.c
-@@ -282,6 +282,9 @@ static int dfs_find_channel(struct hosta
- if (chan->max_tx_power < iface->conf->min_tx_power)
- continue;
-
-+ if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+ continue;
-+
- if (ret_chan && idx == channel_idx) {
- wpa_printf(MSG_DEBUG, "Selected channel %d (%d)",
- chan->freq, chan->chan);
diff --git a/package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch b/package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch
index e78a4ef5c..51690def0 100644
--- a/package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch
+++ b/package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch
@@ -13,7 +13,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
-@@ -12241,7 +12241,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12640,7 +12640,7 @@ char * wpa_supplicant_ctrl_iface_process
if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18))
reply_len = -1;
#endif /* CONFIG_WNM */
@@ -22,7 +22,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
} else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) {
if (ap_ctrl_iface_disassoc_imminent(wpa_s, buf + 18))
reply_len = -1;
-@@ -12251,7 +12251,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12650,7 +12650,7 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) {
if (ap_ctrl_iface_bss_tm_req(wpa_s, buf + 11))
reply_len = -1;
diff --git a/package/network/services/hostapd/patches/992-openssl-include-rsa.patch b/package/network/services/hostapd/patches/992-openssl-include-rsa.patch
deleted file mode 100644
index 581ae9f67..000000000
--- a/package/network/services/hostapd/patches/992-openssl-include-rsa.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From f374d52079111a4340acb6df835f45ac6b5f3f60 Mon Sep 17 00:00:00 2001
-From: Andre Heider <a.heider@gmail.com>
-Date: Wed, 22 Jun 2022 14:13:55 +0200
-Subject: OpenSSL: Include rsa.h for all OpenSSL versions
-
-This fixes the build with OpenSSL 1.1.1:
-../src/crypto/crypto_openssl.c: In function 'crypto_rsa_oaep_sha256_decrypt':
-../src/crypto/crypto_openssl.c:4404:49: error: 'RSA_PKCS1_OAEP_PADDING' undeclared (first use in this function)
-
-Signed-off-by: Andre Heider <a.heider@gmail.com>
----
- src/crypto/crypto_openssl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -16,6 +16,7 @@
- #include <openssl/dh.h>
- #include <openssl/hmac.h>
- #include <openssl/rand.h>
-+#include <openssl/rsa.h>
- #include <openssl/pem.h>
- #ifdef CONFIG_ECC
- #include <openssl/ec.h>
-@@ -25,7 +26,6 @@
- #include <openssl/provider.h>
- #include <openssl/core_names.h>
- #include <openssl/param_build.h>
--#include <openssl/rsa.h>
- #include <openssl/encoder.h>
- #include <openssl/decoder.h>
- #else /* OpenSSL version >= 3.0 */
diff --git a/package/network/services/hostapd/patches/993-fix-mbo-module-build.patch b/package/network/services/hostapd/patches/993-fix-mbo-module-build.patch
deleted file mode 100644
index 3efc484f8..000000000
--- a/package/network/services/hostapd/patches/993-fix-mbo-module-build.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/wpa_supplicant/Makefile
-+++ b/wpa_supplicant/Makefile
-@@ -339,6 +339,7 @@
-
- ifdef CONFIG_MBO
- CONFIG_WNM=y
-+NEED_GAS=y
- endif
-
- ifdef CONFIG_WNM
diff --git a/package/network/services/hostapd/src/hostapd/radius.c b/package/network/services/hostapd/src/hostapd/radius.c
new file mode 100644
index 000000000..362a22c27
--- /dev/null
+++ b/package/network/services/hostapd/src/hostapd/radius.c
@@ -0,0 +1,715 @@
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "crypto/crypto.h"
+#include "crypto/tls.h"
+
+#include "ap/ap_config.h"
+#include "eap_server/eap.h"
+#include "radius/radius.h"
+#include "radius/radius_server.h"
+#include "eap_register.h"
+
+#include <libubox/blobmsg_json.h>
+#include <libubox/blobmsg.h>
+#include <libubox/avl.h>
+#include <libubox/avl-cmp.h>
+#include <libubox/kvlist.h>
+
+#include <sys/stat.h>
+#include <fnmatch.h>
+
+#define VENDOR_ID_WISPR 14122
+#define VENDOR_ATTR_SIZE 6
+
+struct radius_parse_attr_data {
+ unsigned int vendor;
+ u8 type;
+ int size;
+ char format;
+ const char *data;
+};
+
+struct radius_parse_attr_state {
+ struct hostapd_radius_attr *prev;
+ struct hostapd_radius_attr *attr;
+ struct wpabuf *buf;
+ void *attrdata;
+};
+
+struct radius_user_state {
+ struct avl_node node;
+ struct eap_user data;
+};
+
+struct radius_user_data {
+ struct kvlist users;
+ struct avl_tree user_state;
+ struct blob_attr *wildcard;
+};
+
+struct radius_state {
+ struct radius_server_data *radius;
+ struct eap_config eap;
+
+ struct radius_user_data phase1, phase2;
+ const char *user_file;
+ time_t user_file_ts;
+
+ int n_attrs;
+ struct hostapd_radius_attr *attrs;
+};
+
+struct radius_config {
+ struct tls_connection_params tls;
+ struct radius_server_conf radius;
+};
+
+enum {
+ USER_ATTR_PASSWORD,
+ USER_ATTR_HASH,
+ USER_ATTR_SALT,
+ USER_ATTR_METHODS,
+ USER_ATTR_RADIUS,
+ USER_ATTR_VLAN,
+ USER_ATTR_MAX_RATE_UP,
+ USER_ATTR_MAX_RATE_DOWN,
+ __USER_ATTR_MAX
+};
+
+static void radius_tls_event(void *ctx, enum tls_event ev,
+ union tls_event_data *data)
+{
+ switch (ev) {
+ case TLS_CERT_CHAIN_SUCCESS:
+ wpa_printf(MSG_DEBUG, "radius: remote certificate verification success");
+ break;
+ case TLS_CERT_CHAIN_FAILURE:
+ wpa_printf(MSG_INFO, "radius: certificate chain failure: reason=%d depth=%d subject='%s' err='%s'",
+ data->cert_fail.reason,
+ data->cert_fail.depth,
+ data->cert_fail.subject,
+ data->cert_fail.reason_txt);
+ break;
+ case TLS_PEER_CERTIFICATE:
+ wpa_printf(MSG_DEBUG, "radius: peer certificate: depth=%d serial_num=%s subject=%s",
+ data->peer_cert.depth,
+ data->peer_cert.serial_num ? data->peer_cert.serial_num : "N/A",
+ data->peer_cert.subject);
+ break;
+ case TLS_ALERT:
+ if (data->alert.is_local)
+ wpa_printf(MSG_DEBUG, "radius: local TLS alert: %s",
+ data->alert.description);
+ else
+ wpa_printf(MSG_DEBUG, "radius: remote TLS alert: %s",
+ data->alert.description);
+ break;
+ case TLS_UNSAFE_RENEGOTIATION_DISABLED:
+ /* Not applicable to TLS server */
+ break;
+ }
+}
+
+static void radius_userdata_init(struct radius_user_data *u)
+{
+ kvlist_init(&u->users, kvlist_blob_len);
+ avl_init(&u->user_state, avl_strcmp, false, NULL);
+}
+
+static void radius_userdata_free(struct radius_user_data *u)
+{
+ struct radius_user_state *s, *tmp;
+
+ kvlist_free(&u->users);
+ free(u->wildcard);
+ u->wildcard = NULL;
+ avl_remove_all_elements(&u->user_state, s, node, tmp)
+ free(s);
+}
+
+static void
+radius_userdata_load(struct radius_user_data *u, struct blob_attr *data)
+{
+ enum {
+ USERSTATE_USERS,
+ USERSTATE_WILDCARD,
+ __USERSTATE_MAX,
+ };
+ static const struct blobmsg_policy policy[__USERSTATE_MAX] = {
+ [USERSTATE_USERS] = { "users", BLOBMSG_TYPE_TABLE },
+ [USERSTATE_WILDCARD] = { "wildcard", BLOBMSG_TYPE_ARRAY },
+ };
+ struct blob_attr *tb[__USERSTATE_MAX], *cur;
+ int rem;
+
+ if (!data)
+ return;
+
+ blobmsg_parse(policy, __USERSTATE_MAX, tb, blobmsg_data(data), blobmsg_len(data));
+
+ blobmsg_for_each_attr(cur, tb[USERSTATE_USERS], rem)
+ kvlist_set(&u->users, blobmsg_name(cur), cur);
+
+ if (tb[USERSTATE_WILDCARD])
+ u->wildcard = blob_memdup(tb[USERSTATE_WILDCARD]);
+}
+
+static void
+load_userfile(struct radius_state *s)
+{
+ enum {
+ USERDATA_PHASE1,
+ USERDATA_PHASE2,
+ __USERDATA_MAX
+ };
+ static const struct blobmsg_policy policy[__USERDATA_MAX] = {
+ [USERDATA_PHASE1] = { "phase1", BLOBMSG_TYPE_TABLE },
+ [USERDATA_PHASE2] = { "phase2", BLOBMSG_TYPE_TABLE },
+ };
+ struct blob_attr *tb[__USERDATA_MAX], *cur;
+ static struct blob_buf b;
+ struct stat st;
+ int rem;
+
+ if (stat(s->user_file, &st))
+ return;
+
+ if (s->user_file_ts == st.st_mtime)
+ return;
+
+ s->user_file_ts = st.st_mtime;
+ radius_userdata_free(&s->phase1);
+ radius_userdata_free(&s->phase2);
+
+ blob_buf_init(&b, 0);
+ blobmsg_add_json_from_file(&b, s->user_file);
+ blobmsg_parse(policy, __USERDATA_MAX, tb, blob_data(b.head), blob_len(b.head));
+ radius_userdata_load(&s->phase1, tb[USERDATA_PHASE1]);
+ radius_userdata_load(&s->phase2, tb[USERDATA_PHASE2]);
+
+ blob_buf_free(&b);
+}
+
+static struct blob_attr *
+radius_user_get(struct radius_user_data *s, const char *name)
+{
+ struct blob_attr *cur;
+ int rem;
+
+ cur = kvlist_get(&s->users, name);
+ if (cur)
+ return cur;
+
+ blobmsg_for_each_attr(cur, s->wildcard, rem) {
+ static const struct blobmsg_policy policy = {
+ "name", BLOBMSG_TYPE_STRING
+ };
+ struct blob_attr *pattern;
+
+ if (blobmsg_type(cur) != BLOBMSG_TYPE_TABLE)
+ continue;
+
+ blobmsg_parse(&policy, 1, &pattern, blobmsg_data(cur), blobmsg_len(cur));
+ if (!name)
+ continue;
+
+ if (!fnmatch(blobmsg_get_string(pattern), name, 0))
+ return cur;
+ }
+
+ return NULL;
+}
+
+static struct radius_parse_attr_data *
+radius_parse_attr(struct blob_attr *attr)
+{
+ static const struct blobmsg_policy policy[4] = {
+ { .type = BLOBMSG_TYPE_INT32 },
+ { .type = BLOBMSG_TYPE_INT32 },
+ { .type = BLOBMSG_TYPE_STRING },
+ { .type = BLOBMSG_TYPE_STRING },
+ };
+ static struct radius_parse_attr_data data;
+ struct blob_attr *tb[4];
+ const char *format;
+
+ blobmsg_parse_array(policy, ARRAY_SIZE(policy), tb, blobmsg_data(attr), blobmsg_len(attr));
+
+ if (!tb[0] || !tb[1] || !tb[2] || !tb[3])
+ return NULL;
+
+ format = blobmsg_get_string(tb[2]);
+ if (strlen(format) != 1)
+ return NULL;
+
+ data.vendor = blobmsg_get_u32(tb[0]);
+ data.type = blobmsg_get_u32(tb[1]);
+ data.format = format[0];
+ data.data = blobmsg_get_string(tb[3]);
+ data.size = strlen(data.data);
+
+ switch (data.format) {
+ case 's':
+ break;
+ case 'x':
+ if (data.size & 1)
+ return NULL;
+ data.size /= 2;
+ break;
+ case 'd':
+ data.size = 4;
+ break;
+ default:
+ return NULL;
+ }
+
+ return &data;
+}
+
+static void
+radius_count_attrs(struct blob_attr **tb, int *n_attr, size_t *attr_size)
+{
+ struct blob_attr *data = tb[USER_ATTR_RADIUS];
+ struct blob_attr *cur;
+ int rem;
+
+ blobmsg_for_each_attr(cur, data, rem) {
+ struct radius_parse_attr_data *data;
+ size_t prev = *attr_size;
+
+ data = radius_parse_attr(cur);
+ if (!data)
+ continue;
+
+ *attr_size += data->size;
+ if (data->vendor)
+ *attr_size += VENDOR_ATTR_SIZE;
+
+ (*n_attr)++;
+ }
+
+ *n_attr += !!tb[USER_ATTR_VLAN] * 3 +
+ !!tb[USER_ATTR_MAX_RATE_UP] +
+ !!tb[USER_ATTR_MAX_RATE_DOWN];
+ *attr_size += !!tb[USER_ATTR_VLAN] * (4 + 4 + 5) +
+ !!tb[USER_ATTR_MAX_RATE_UP] * (4 + VENDOR_ATTR_SIZE) +
+ !!tb[USER_ATTR_MAX_RATE_DOWN] * (4 + VENDOR_ATTR_SIZE);
+}
+
+static void *
+radius_add_attr(struct radius_parse_attr_state *state,
+ u32 vendor, u8 type, u8 len)
+{
+ struct hostapd_radius_attr *attr;
+ struct wpabuf *buf;
+ void *val;
+
+ val = state->attrdata;
+
+ buf = state->buf++;
+ buf->buf = val;
+
+ attr = state->attr++;
+ attr->val = buf;
+ attr->type = type;
+
+ if (state->prev)
+ state->prev->next = attr;
+ state->prev = attr;
+
+ if (vendor) {
+ u8 *vendor_hdr = val + 4;
+
+ WPA_PUT_BE32(val, vendor);
+ vendor_hdr[0] = type;
+ vendor_hdr[1] = len + 2;
+
+ len += VENDOR_ATTR_SIZE;
+ val += VENDOR_ATTR_SIZE;
+ attr->type = RADIUS_ATTR_VENDOR_SPECIFIC;
+ }
+
+ buf->size = buf->used = len;
+ state->attrdata += len;
+
+ return val;
+}
+
+static void
+radius_parse_attrs(struct blob_attr **tb, struct radius_parse_attr_state *state)
+{
+ struct blob_attr *data = tb[USER_ATTR_RADIUS];
+ struct hostapd_radius_attr *prev = NULL;
+ struct blob_attr *cur;
+ int len, rem;
+ void *val;
+
+ if ((cur = tb[USER_ATTR_VLAN]) != NULL && blobmsg_get_u32(cur) < 4096) {
+ char buf[5];
+
+ val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_TYPE, 4);
+ WPA_PUT_BE32(val, RADIUS_TUNNEL_TYPE_VLAN);
+
+ val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_MEDIUM_TYPE, 4);
+ WPA_PUT_BE32(val, RADIUS_TUNNEL_MEDIUM_TYPE_802);
+
+ len = snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(cur));
+ val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID, len);
+ memcpy(val, buf, len);
+ }
+
+ if ((cur = tb[USER_ATTR_MAX_RATE_UP]) != NULL) {
+ val = radius_add_attr(state, VENDOR_ID_WISPR, 7, 4);
+ WPA_PUT_BE32(val, blobmsg_get_u32(cur));
+ }
+
+ if ((cur = tb[USER_ATTR_MAX_RATE_DOWN]) != NULL) {
+ val = radius_add_attr(state, VENDOR_ID_WISPR, 8, 4);
+ WPA_PUT_BE32(val, blobmsg_get_u32(cur));
+ }
+
+ blobmsg_for_each_attr(cur, data, rem) {
+ struct radius_parse_attr_data *data;
+ void *val;
+ int size;
+
+ data = radius_parse_attr(cur);
+ if (!data)
+ continue;
+
+ val = radius_add_attr(state, data->vendor, data->type, data->size);
+ switch (data->format) {
+ case 's':
+ memcpy(val, data->data, data->size);
+ break;
+ case 'x':
+ hexstr2bin(data->data, val, data->size);
+ break;
+ case 'd':
+ WPA_PUT_BE32(val, atoi(data->data));
+ break;
+ }
+ }
+}
+
+static void
+radius_user_parse_methods(struct eap_user *eap, struct blob_attr *data)
+{
+ struct blob_attr *cur;
+ int rem, n = 0;
+
+ if (!data)
+ return;
+
+ blobmsg_for_each_attr(cur, data, rem) {
+ const char *method;
+
+ if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
+ continue;
+
+ if (n == EAP_MAX_METHODS)
+ break;
+
+ method = blobmsg_get_string(cur);
+ eap->methods[n].method = eap_server_get_type(method, &eap->methods[n].vendor);
+ if (eap->methods[n].vendor == EAP_VENDOR_IETF &&
+ eap->methods[n].method == EAP_TYPE_NONE) {
+ if (!strcmp(method, "TTLS-PAP")) {
+ eap->ttls_auth |= EAP_TTLS_AUTH_PAP;
+ continue;
+ }
+ if (!strcmp(method, "TTLS-CHAP")) {
+ eap->ttls_auth |= EAP_TTLS_AUTH_CHAP;
+ continue;
+ }
+ if (!strcmp(method, "TTLS-MSCHAP")) {
+ eap->ttls_auth |= EAP_TTLS_AUTH_MSCHAP;
+ continue;
+ }
+ if (!strcmp(method, "TTLS-MSCHAPV2")) {
+ eap->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
+ continue;
+ }
+ }
+ n++;
+ }
+}
+
+static struct eap_user *
+radius_user_get_state(struct radius_user_data *u, struct blob_attr *data,
+ const char *id)
+{
+ static const struct blobmsg_policy policy[__USER_ATTR_MAX] = {
+ [USER_ATTR_PASSWORD] = { "password", BLOBMSG_TYPE_STRING },
+ [USER_ATTR_HASH] = { "hash", BLOBMSG_TYPE_STRING },
+ [USER_ATTR_SALT] = { "salt", BLOBMSG_TYPE_STRING },
+ [USER_ATTR_METHODS] = { "methods", BLOBMSG_TYPE_ARRAY },
+ [USER_ATTR_RADIUS] = { "radius", BLOBMSG_TYPE_ARRAY },
+ [USER_ATTR_VLAN] = { "vlan-id", BLOBMSG_TYPE_INT32 },
+ [USER_ATTR_MAX_RATE_UP] = { "max-rate-up", BLOBMSG_TYPE_INT32 },
+ [USER_ATTR_MAX_RATE_DOWN] = { "max-rate-down", BLOBMSG_TYPE_INT32 },
+ };
+ struct blob_attr *tb[__USER_ATTR_MAX], *cur;
+ char *password_buf, *salt_buf, *name_buf;
+ struct radius_parse_attr_state astate = {};
+ struct hostapd_radius_attr *attr;
+ struct radius_user_state *state;
+ int pw_len = 0, salt_len = 0;
+ struct eap_user *eap;
+ struct wpabuf *val;
+ size_t attrsize = 0;
+ void *attrdata;
+ int n_attr = 0;
+
+ state = avl_find_element(&u->user_state, id, state, node);
+ if (state)
+ return &state->data;
+
+ blobmsg_parse(policy, __USER_ATTR_MAX, tb, blobmsg_data(data), blobmsg_len(data));
+
+ if ((cur = tb[USER_ATTR_SALT]) != NULL)
+ salt_len = strlen(blobmsg_get_string(cur)) / 2;
+ if ((cur = tb[USER_ATTR_HASH]) != NULL)
+ pw_len = strlen(blobmsg_get_string(cur)) / 2;
+ else if ((cur = tb[USER_ATTR_PASSWORD]) != NULL)
+ pw_len = blobmsg_len(cur) - 1;
+ radius_count_attrs(tb, &n_attr, &attrsize);
+
+ state = calloc_a(sizeof(*state), &name_buf, strlen(id) + 1,
+ &password_buf, pw_len,
+ &salt_buf, salt_len,
+ &astate.attr, n_attr * sizeof(*astate.attr),
+ &astate.buf, n_attr * sizeof(*astate.buf),
+ &astate.attrdata, attrsize);
+ eap = &state->data;
+ eap->salt = salt_len ? salt_buf : NULL;
+ eap->salt_len = salt_len;
+ eap->password = pw_len ? password_buf : NULL;
+ eap->password_len = pw_len;
+ eap->force_version = -1;
+
+ if ((cur = tb[USER_ATTR_SALT]) != NULL)
+ hexstr2bin(blobmsg_get_string(cur), salt_buf, salt_len);
+ if ((cur = tb[USER_ATTR_PASSWORD]) != NULL)
+ memcpy(password_buf, blobmsg_get_string(cur), pw_len);
+ else if ((cur = tb[USER_ATTR_HASH]) != NULL) {
+ hexstr2bin(blobmsg_get_string(cur), password_buf, pw_len);
+ eap->password_hash = 1;
+ }
+ radius_user_parse_methods(eap, tb[USER_ATTR_METHODS]);
+
+ if (n_attr > 0) {
+ cur = tb[USER_ATTR_RADIUS];
+ eap->accept_attr = astate.attr;
+ radius_parse_attrs(tb, &astate);
+ }
+
+ state->node.key = strcpy(name_buf, id);
+ avl_insert(&u->user_state, &state->node);
+
+ return &state->data;
+
+free:
+ free(state);
+ return NULL;
+}
+
+static int radius_get_eap_user(void *ctx, const u8 *identity,
+ size_t identity_len, int phase2,
+ struct eap_user *user)
+{
+ struct radius_state *s = ctx;
+ struct radius_user_data *u = phase2 ? &s->phase2 : &s->phase1;
+ struct blob_attr *entry;
+ struct eap_user *data;
+ char *id;
+
+ if (identity_len > 512)
+ return -1;
+
+ load_userfile(s);
+
+ id = alloca(identity_len + 1);
+ memcpy(id, identity, identity_len);
+ id[identity_len] = 0;
+
+ entry = radius_user_get(u, id);
+ if (!entry)
+ return -1;
+
+ if (!user)
+ return 0;
+
+ data = radius_user_get_state(u, entry, id);
+ if (!data)
+ return -1;
+
+ *user = *data;
+ if (user->password_len > 0)
+ user->password = os_memdup(user->password, user->password_len);
+ if (user->salt_len > 0)
+ user->salt = os_memdup(user->salt, user->salt_len);
+ user->phase2 = phase2;
+
+ return 0;
+}
+
+static int radius_setup(struct radius_state *s, struct radius_config *c)
+{
+ struct eap_config *eap = &s->eap;
+ struct tls_config conf = {
+ .event_cb = radius_tls_event,
+ .tls_flags = TLS_CONN_DISABLE_TLSv1_3,
+ .cb_ctx = s,
+ };
+
+ eap->eap_server = 1;
+ eap->max_auth_rounds = 100;
+ eap->max_auth_rounds_short = 50;
+ eap->ssl_ctx = tls_init(&conf);
+ if (!eap->ssl_ctx) {
+ wpa_printf(MSG_INFO, "TLS init failed\n");
+ return 1;
+ }
+
+ if (tls_global_set_params(eap->ssl_ctx, &c->tls)) {
+ wpa_printf(MSG_INFO, "failed to set TLS parameters\n");
+ return 1;
+ }
+
+ c->radius.eap_cfg = eap;
+ c->radius.conf_ctx = s;
+ c->radius.get_eap_user = radius_get_eap_user;
+ s->radius = radius_server_init(&c->radius);
+ if (!s->radius) {
+ wpa_printf(MSG_INFO, "failed to initialize radius server\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+static int radius_init(struct radius_state *s)
+{
+ memset(s, 0, sizeof(*s));
+ radius_userdata_init(&s->phase1);
+ radius_userdata_init(&s->phase2);
+}
+
+static void radius_deinit(struct radius_state *s)
+{
+ if (s->radius)
+ radius_server_deinit(s->radius);
+
+ if (s->eap.ssl_ctx)
+ tls_deinit(s->eap.ssl_ctx);
+
+ radius_userdata_free(&s->phase1);
+ radius_userdata_free(&s->phase2);
+}
+
+static int usage(const char *progname)
+{
+ fprintf(stderr, "Usage: %s <options>\n",
+ progname);
+}
+
+int radius_main(int argc, char **argv)
+{
+ static struct radius_state state = {};
+ static struct radius_config config = {};
+ const char *progname = argv[0];
+ int ret = 0;
+ int ch;
+
+ wpa_debug_setup_stdout();
+ wpa_debug_level = 0;
+
+ if (eloop_init()) {
+ wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+ return 1;
+ }
+
+ eap_server_register_methods();
+ radius_init(&state);
+
+ while ((ch = getopt(argc, argv, "6C:c:d:i:k:K:p:P:s:u:")) != -1) {
+ switch (ch) {
+ case '6':
+ config.radius.ipv6 = 1;
+ break;
+ case 'C':
+ config.tls.ca_cert = optarg;
+ break;
+ case 'c':
+ if (config.tls.client_cert2)
+ return usage(progname);
+
+ if (config.tls.client_cert)
+ config.tls.client_cert2 = optarg;
+ else
+ config.tls.client_cert = optarg;
+ break;
+ case 'd':
+ config.tls.dh_file = optarg;
+ break;
+ case 'i':
+ state.eap.server_id = optarg;
+ state.eap.server_id_len = strlen(optarg);
+ break;
+ case 'k':
+ if (config.tls.private_key2)
+ return usage(progname);
+
+ if (config.tls.private_key)
+ config.tls.private_key2 = optarg;
+ else
+ config.tls.private_key = optarg;
+ break;
+ case 'K':
+ if (config.tls.private_key_passwd2)
+ return usage(progname);
+
+ if (config.tls.private_key_passwd)
+ config.tls.private_key_passwd2 = optarg;
+ else
+ config.tls.private_key_passwd = optarg;
+ break;
+ case 'p':
+ config.radius.auth_port = atoi(optarg);
+ break;
+ case 'P':
+ config.radius.acct_port = atoi(optarg);
+ break;
+ case 's':
+ config.radius.client_file = optarg;
+ break;
+ case 'u':
+ state.user_file = optarg;
+ break;
+ default:
+ return usage(progname);
+ }
+ }
+
+ if (!config.tls.client_cert || !config.tls.private_key ||
+ !config.radius.client_file || !state.eap.server_id ||
+ !state.user_file) {
+ wpa_printf(MSG_INFO, "missing options\n");
+ goto out;
+ }
+
+ ret = radius_setup(&state, &config);
+ if (ret)
+ goto out;
+
+ load_userfile(&state);
+ eloop_run();
+
+out:
+ radius_deinit(&state);
+ os_program_deinit();
+
+ return ret;
+}
diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h
index 553769ece..cc8831535 100644
--- a/package/network/services/hostapd/src/src/utils/build_features.h
+++ b/package/network/services/hostapd/src/src/utils/build_features.h
@@ -15,6 +15,10 @@ static inline int has_feature(const char *feat)
if (!strcmp(feat, "11ax"))
return 1;
#endif
+#ifdef CONFIG_IEEE80211BE
+ if (!strcmp(feat, "11be"))
+ return 1;
+#endif
#ifdef CONFIG_IEEE80211R
if (!strcmp(feat, "11r"))
return 1;