Commit Graph

42 Commits

Author SHA1 Message Date
Felix Fietkau
3167333946 mac80211: update to v6.1.24
Drop patches accepted upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-05-04 17:20:37 +08:00
coolsnowwolf
6710357cce mac80211: revert to linux 5.15 2022-12-20 14:57:32 +08:00
Felix Fietkau
bdb6a31ce2 mac80211: update to linux 6.1-rc8
This should help stay in sync with upstream development

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-18 21:30:21 +08:00
1054009064
d05fbef769
mac80211: backport security fixes (#10324)
* mac80211: backport security fixes

This mainly affects scanning and beacon parsing, especially with MBSSID enabled

Fixes: CVE-2022-41674
Fixes: CVE-2022-42719
Fixes: CVE-2022-42720
Fixes: CVE-2022-42721
Fixes: CVE-2022-42722
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 26f400210d6b3780fcc0deb89b9741837df9c8b8)

* mac80211: refresh patches

355-wifi-cfg80211-fix-BSS-refcounting-bugs.patch - 5a52384a51

Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: 1054009064 <1054009064@users.noreply.github.com>
2022-10-28 15:17:13 +08:00
Sungbo Eo
7901118997 mac80211: rt2x00: fix typo
Add missing semicolon and refresh patches.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-09-18 21:30:20 +08:00
lean
9a166932f3 mac80211: add rt2x00 5.19 kernel support 2022-08-15 02:36:59 +08:00
lean
66d19a4e36 mac80211: bump to 5.15.33-1 2022-07-08 12:44:37 +08:00
AmadeusGhost
cc60132004 mac80211: update to 5.15.8-1
Fixes: #9065, #9083, #9091
2022-03-29 15:09:20 +08:00
lean
61b1fd2208 Revert "mac80211: sync upstream (#7932)"
This reverts commit a42521a11f.
2021-09-29 21:45:03 +08:00
Beginner
a42521a11f
mac80211: sync upstream (#7932)
* mac80211: fix HT40 mode for 6G band

The channel offset used for VHT segment calculation was missing for HT

Signed-off-by: Felix Fietkau <nbd@nbd.name>

* mac80211: refresh patch

Signed-off-by: Felix Fietkau <nbd@nbd.name>

* mac80211: add missing change for encap offload on devices with sw rate control

Signed-off-by: Felix Fietkau <nbd@nbd.name>

* ath9k: owl-loader: remove obsolete AR71XX patch

this is no longer necessary as the AR71XX target
was superseded by ath79.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

* mac80211: revert faulty change that was breaking broadcast tx

Fixes: 0f6887972adc ("mac80211: add missing change for encap offload on devices with sw rate control")
Signed-off-by: Felix Fietkau <nbd@nbd.name>

* mac80211: Update to backports-5.10.68

Refresh all patches.
The removed patches were integrated upstream.

This contains fixes for CVE-2020-3702

1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].

Thank you Josef Schlehofer for reporting this problem.

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

* mac80211: backport support for BSS color changes

This is needed for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-09-29 21:41:27 +08:00
Beginner
9a2df98c56
mac80211: sync upstream (#7077)
* mac80211: remove patches stripping down crypto support

Use of WPA3 and things like FILS is getting much more common, and platforms
that can't afford the extra kilobytes for this code are fading away.
Let's not hold back modern authentication methods any longer

Signed-off-by: Felix Fietkau <nbd@nbd.name>

* kernel: make cryptoapi support needed by mac80211 built-in

This reduces the flash space impact, since built-in code is much smaller
than a bunch of kernel modules on squashfs

Signed-off-by: Felix Fietkau <nbd@nbd.name>

* mac80211: remove extra patch accidentally added during rebase

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Co-authored-by: Felix Fietkau <nbd@nbd.name>
2021-06-19 12:44:24 +08:00
lean
7a50383ab6 add kernel 5.10 support and sync with upstream 2021-06-14 18:30:08 +08:00
Beginner
5402ff8230
mac80211: backport upstream fixes for FragAttacks (#6854)
From the patch series description:

Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at

	https://papers.mathyvanhoef.com/usenix2021.pdf

Specifically, the following CVEs were assigned:

 * CVE-2020-24586 - Fragmentation cache not cleared on reconnection
 * CVE-2020-24587 - Reassembling fragments encrypted under different
                    keys
 * CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
                    payload being parsed as an L2 frame under an
                    A-MSDU bit toggling attack
 * CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
 * CVE-2020-26140 - Accepting plaintext data frames in protected
                    networks
 * CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
 * CVE-2020-26142 - Processing fragmented frames as full frames
 * CVE-2020-26143 - Accepting fragmented plaintext frames in
                    protected networks
 * CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
                    start with RFC1042 header with EAPOL ethertype
 * CVE-2020-26145 - Accepting plaintext broadcast fragments as full
                    frames
 * CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
                    packet numbers
 * CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments

In general, the scope of these attacks is that they may allow an
attacker to
 * inject L2 frames that they can more or less control (depending on the
   vulnerability and attack method) into an otherwise protected network;
 * exfiltrate (some) network data under certain conditions, this is
   specific to the fragmentation issues.

A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.

In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.

Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.

To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.

We currently don't have information about how other drivers are, if
at all, affected.

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Co-authored-by: Felix Fietkau <nbd@nbd.name>
2021-05-20 12:11:42 +08:00
AmadeusGhost
0456744e39
mac80211: sync upstream source code (#5860)
[mac80211]
  08a42ef mac80211: fix memory leak on filtered powersave frames
  daeda8a mac80211: pass phy name to hostapd_set_bss_options
  7ca9b82 mac80211: Fix wpa_supplicant config removal ubus call
  bf3158b mac80211: backport the new tasklet API
  0bb5d39 mac80211: add minstrel fixes that fix mt76 issues in legacy mode

[ath10k]
  c3b2efa linux-firmware: ath10k: add board firmware packages
  655091e ath10k-ct-firmware: switch to linux-firmware board binaries
  61e381d ath10k-firmware: remove unused package
2020-12-02 12:24:26 +08:00
AmadeusGhost
5d98c4178e
kernel: bump 5.4 to 5.4.75 (#5780)
[mac80211]
 5b29614 mac80211: another fix for the sta connection monitor
 1ed6eb1 mac80211: backport sched_set_fifo_low
 cba4120 mac80211: add support for specifying a per-device scan list
 e0d482f rt2x00: mt7620: differentiate based on SoC's CHIP_VER

[package]
 amd64-microcode/intel-microcode/linux-firmware: update version
2020-11-14 00:52:35 +08:00
AmadeusGhost
b1677a562c
mac80211: bump to 5.8-rc2, add ath10k VHT support and very basic support for ipq807x ath11k (#5288)
* mac80211: bump to 5.8-rc2

changelog:
  dfe0bc8 mac80211: allow ACS restriction with fixed channel
  727685c mac80211: rt2x00: define RF5592 in init_eeprom routine
  cfd2f3b mac80211: create channel list for fixed channel operation
  d1100c7 mac80211: Update to version 5.7.5-1
  ed2015c mac80211: Update to version 5.8-rc2-1
  a956c14 mac80211: util: don't warn on missing sband iftype data
  8b3e170 hostapd: fix incorrect service name
  68bf5a9 mac80211: don't kill wireless daemon on teardown
  25e0ae6 mac80211: make cfg80211 testmode support optional (and disabled by default)
  b7727a8 mac80211: fix AQL issues
  3d731fc mac80211: merge performance improvement patches

* mt76: update to 2020-07-22

Signed-off-by: Felix Fietkau <nbd@nbd.name>

* mac80211: allow VHT on 2.4GHz

Allow VHT rate on 2.4GHz in order to use 256-QAM

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>

* ath10k: allow VHT on 2.4GHz

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>

* hostapd: add vendor_vht option

hostapd has vendor_vht option to enable VHT (256-QAM) on 2.4GHz
Add this option to hostapd.sh so users can enable it via uci

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>

* ipq807x: Refresh kernel configuration

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

* ipq807x: Add WCSS bus

This is needed to build ath11k.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

* mac80211: Add ath11k

This adds the Qualcomm 802.11ax wireless chipset support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-07 23:53:02 +08:00
coolsnowwolf
33abeff31c Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00
coolsnowwolf
d1f2153ca4 hostapd: disable wifi-reload 2020-05-27 00:17:15 +08:00
coolsnowwolf
bb3276ef05 mac80211: fix RT-ACRH17 2.4GHz wifi performance issues 2020-05-26 23:18:25 +08:00
lean
8faac30089 mac80211: Update to version 5.4.27 2020-04-03 23:29:36 +08:00
lean
372f598345 mt76: update to version 2020-03-10 2020-03-13 11:39:10 +08:00
LEAN-ESX
f6423cc17a Revert "mac80211: Update to version 4.19.98 (#3658)"
This reverts commit 19b14206b9.
2020-03-10 04:16:45 -07:00
AmadeusGhost
19b14206b9
mac80211: Update to version 4.19.98 (#3658)
changes:

1. mac80211: brcm: backport remaining 5.6 kernel patches
2. mt76: update to the latest openwrt-19.07 version
3. fix commit 863d607 and 7a29342
2020-03-09 19:25:31 +08:00
coolsnowwolf
e09686f69e mac80211: Update to version 4.19.98 2020-02-01 19:38:23 +08:00
coolsnowwolf
1debe64956 mac80211: backport 4.19.85-1 stable release 2019-11-26 17:26:00 +08:00
LEAN-ESX
9823711fb4 Revert "mac80211: update to version 5.4-rc8"
This reverts commit 210243ca57.
2019-11-23 18:43:43 -08:00
LEAN-ESX
210243ca57 mac80211: update to version 5.4-rc8 2019-11-23 10:04:53 -08:00
LEAN-ESX
41cdd9a56a mac80211: bump to 5.4-rc2 2019-11-21 08:42:18 -08:00
LEAN-ESX
384e5abd02 mac80211: update upstream patches 2019-11-11 20:28:16 -08:00
LEAN-ESX
eb7626e861 mac80211: bump to 4.19.79 2019-10-24 02:46:10 -07:00
LEAN-ESX
756611ade4 Revert "mac80211: bump to 5.3-rc4-1"
This reverts commit e170f6fbc0.
2019-10-19 03:01:12 -07:00
LEAN-ESX
e170f6fbc0 mac80211: bump to 5.3-rc4-1 2019-10-18 11:50:59 -07:00
coolsnowwolf
a499039340 mac80211: rt2x00: replace patches with upstream version 2019-04-30 11:27:55 +08:00
coolsnowwolf
be38f4bdf5 mac80211: rt2x00: replace patch with upstream version 2019-04-15 15:32:02 +08:00
coolsnowwolf
aca8e27cc4 mac80211: update to version 4.19.32-1 2019-04-06 23:36:42 +08:00
coolsnowwolf
88beed4c56 mac80211: netifd: Use a mask when using Usage: iw [options] command
Options:
	--debug		enable netlink debugging
	--version	show version (3.4)
Commands:
	help [command]
		Print usage for all or a specific command, e.g.
		"help wowlan" or "help wowlan enable".

	event [-t] [-r] [-f]
		Monitor events from the kernel.
		-t - print timestamp
		-r - print relative timstamp
		-f - print full frame for auth/assoc etc.

	phy
	list
		List all wireless devices and their capabilities.

	phy <phyname> info
		Show capabilities for the specified wireless device.

	dev
		List all network interfaces for wireless hardware.

	dev <devname> info
		Show information for this interface.

	dev <devname> del
		Remove this virtual interface

	dev <devname> interface add <name> type <type> [mesh_id <meshid>] [4addr on|off] [flags <flag>*]
	phy <phyname> interface add <name> type <type> [mesh_id <meshid>] [4addr on|off] [flags <flag>*]
		Add a new virtual interface with the given configuration.
		Valid interface types are: managed, ibss, monitor, mesh, wds.

		The flags are only used for monitor interfaces, valid flags are:
		none:     no special flags
		fcsfail:  show frames with FCS errors
		control:  show control frames
		otherbss: show frames from other BSSes
		cook:     use cooked mode

		The mesh_id is used only for mesh mode.

	dev <devname> ibss join <SSID> <freq in MHz> [HT20|HT40+|HT40-|NOHT] [fixed-freq] [<fixed bssid>] [beacon-interval <TU>] [basic-rates <rate in Mbps,rate2,...>] [mcast-rate <rate in Mbps>] [key d:0:abcde]
		Join the IBSS cell with the given SSID, if it doesn't exist create
		it on the given frequency. When fixed frequency is requested, don't
		join/create a cell on a different frequency. When a fixed BSSID is
		requested use that BSSID and do not adopt another cell's BSSID even
		if it has higher TSF and the same SSID. If an IBSS is created, create
		it with the specified basic-rates, multicast-rate and beacon-interval.

	dev <devname> ibss leave
		Leave the current IBSS cell.

	dev <devname> station dump
		List all stations known, e.g. the AP on managed interfaces

	dev <devname> station set <MAC address> vlan <ifindex>
		Set an AP VLAN for this station.

	dev <devname> station set <MAC address> plink_action <open|block>
		Set mesh peer link action for this station (peer).

	dev <devname> station del <MAC address>
		Remove the given station entry (use with caution!)

	dev <devname> station get <MAC address>
		Get information for a specific station.

	dev <devname> survey dump
		List all gathered channel survey data

	dev <devname> mesh leave
		Leave a mesh.

	dev <devname> mesh join <mesh ID> [mcast-rate <rate in Mbps>] [<param>=<value>]*
		Join a mesh with the given mesh ID with mcast-rate and mesh parameters.

	dev <devname> mpath dump
		List known mesh paths.

	dev <devname> mpath set <destination MAC address> next_hop <next hop MAC address>
		Set an existing mesh path's next hop.

	dev <devname> mpath new <destination MAC address> next_hop <next hop MAC address>
		Create a new mesh path (instead of relying on automatic discovery).

	dev <devname> mpath del <MAC address>
		Remove the mesh path to the given node.

	dev <devname> mpath get <MAC address>
		Get information on mesh path to the given node.

	dev <devname> scan [-u] [freq <freq>*] [ies <hex as 00:11:..>] [ssid <ssid>*|passive]
		Scan on the given frequencies and probe for the given SSIDs
		(or wildcard if not given) unless passive scanning is requested.
		If -u is specified print unknown data in the scan results.
		Specified (vendor) IEs must be well-formed.

	dev <devname> scan trigger [freq <freq>*] [ies <hex as 00:11:..>] [ssid <ssid>*|passive]
		Trigger a scan on the given frequencies with probing for the given
		SSIDs (or wildcard if not given) unless passive scanning is requested.

	dev <devname> scan dump [-u]
		Dump the current scan results. If -u is specified, print unknown
		data in scan results.

	reg get
		Print out the kernel's current regulatory domain information.

	reg set <ISO/IEC 3166-1 alpha2>
		Notify the kernel about the current regulatory domain.

	dev <devname> connect [-w] <SSID> [<freq in MHz>] [<bssid>] [key 0:abcde d:1:6162636465]
		Join the network with the given SSID (and frequency, BSSID).
		With -w, wait for the connect to finish or fail.

	dev <devname> disconnect
		Disconnect from the current network.

	dev <devname> link
		Print information about the current link, if any.

	dev <devname> offchannel <freq> <duration>
		Leave operating channel and go to the given channel for a while.

	dev <devname> cqm rssi <threshold|off> [<hysteresis>]
		Set connection quality monitor RSSI threshold.

	phy <phyname> wowlan show
		Show WoWLAN status.

	phy <phyname> wowlan disable
		Disable WoWLAN.

	phy <phyname> wowlan enable [any] [disconnect] [magic-packet] [gtk-rekey-failure] [eap-identity-request] [4way-handshake] [rfkill-release] [patterns <pattern>*]
		Enable WoWLAN with the given triggers.
		Each pattern is given as a bytestring with '-' in places where any byte
		may be present, e.g. 00:11:22:-:44 will match 00:11:22:33:44 and
		00:11:22:33:ff:44 etc.

	dev <devname> roc start <freq> <time>

	phy <phyname> set antenna <bitmap> | all | <tx bitmap> <rx bitmap>
		Set a bitmap of allowed antennas to use for TX and RX.
		The driver may reject antenna configurations it cannot support.

	dev <devname> set txpower <auto|fixed|limit> [<tx power in mBm>]
		Specify transmit power level and setting type.

	phy <phyname> set txpower <auto|fixed|limit> [<tx power in mBm>]
		Specify transmit power level and setting type.

	phy <phyname> set distance <distance>
		Set appropriate coverage class for given link distance in meters.
		Valid values: 0 - 114750

	phy <phyname> set coverage <coverage class>
		Set coverage class (1 for every 3 usec of air propagation time).
		Valid values: 0 - 255.

	phy <phyname> set netns <pid>
		Put this wireless device into a different network namespace

	phy <phyname> set rts <rts threshold|off>
		Set rts threshold.

	phy <phyname> set frag <fragmentation threshold|off>
		Set fragmentation threshold.

	dev <devname> set channel <channel> [HT20|HT40+|HT40-]
	phy <phyname> set channel <channel> [HT20|HT40+|HT40-]
	dev <devname> set freq <freq> [HT20|HT40+|HT40-]
	phy <phyname> set freq <freq> [HT20|HT40+|HT40-]
		Set frequency/channel the hardware is using, including HT
		configuration.

	phy <phyname> set name <new name>
		Rename this wireless device.

	dev <devname> set peer <MAC address>
		Set interface WDS peer.

	dev <devname> set noack_map <map>
		Set the NoAck map for the TIDs. (0x0009 = BE, 0x0006 = BK, 0x0030 = VI, 0x00C0 = VO)

	dev <devname> set 4addr <on|off>
		Set interface 4addr (WDS) mode.

	dev <devname> set type <type>
		Set interface type/mode.
		Valid interface types are: managed, ibss, monitor, mesh, wds.

	dev <devname> set meshid <meshid>
	dev <devname> set monitor <flag>*
		Set monitor flags. Valid flags are:
		none:     no special flags
		fcsfail:  show frames with FCS errors
		control:  show control frames
		otherbss: show frames from other BSSes
		cook:     use cooked mode

	dev <devname> set mesh_param <param>=<value> [<param>=<value>]*
		Set mesh parameter (run command without any to see available ones).

	dev <devname> set power_save <on|off>
		Set power save state to on or off.

	dev <devname> set bitrates [legacy-<2.4|5> <legacy rate in Mbps>*] [mcs-<2.4|5> <MCS index>*]
		Sets up the specified rate masks.
		Not passing any arguments would clear the existing mask (if any).

	dev <devname> get mesh_param [<param>]
		Retrieve mesh parameter (run command without any to see available ones).

	dev <devname> get power_save <param>
		Retrieve power save state.

You can omit the 'phy' or 'dev' if the identification is unique,
e.g. "iw wlan0 info" or "iw phy0 info". (Don't when scripting.)

Do NOT screenscrape this tool, we don't consider its output stable.
2019-03-20 13:58:58 +08:00
coolsnowwolf
fc28d7c66f mtk76x2: do not print error when queue is full 2019-03-14 12:05:47 +08:00
coolsnowwolf
c96a9b1ff6 rt2x00: Do not increment sequence number while re-transmitting the frames 2019-03-01 16:34:16 +08:00
coolsnowwolf
cca8bbc0b1 mac80211: fix ath9k/ath10k mesh mode support 2019-03-01 16:25:19 +08:00
coolsnowwolf
1780ec5ffc mac80211: Update to version 4.19.7-1 2018-12-14 20:10:39 +08:00
coolsnowwolf
9ea93a089a mac80211: Use backports-4.19-rc5-1 official 2018-09-27 10:40:09 +08:00
coolsnowwolf
4d1bf340d1 wireless drivers upgrade to 4.19-rc4-1. fix many MTK driver issues. ath10k change to ath10k-ct 2018-09-26 23:33:12 +08:00