Unless HE/EHT is enabled, the client should not process the RSN override IE.
This prevents picking up unsupported ciphers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Allow toggling autostart even for disabled devices
When switching from enabled to disabled, call teardown instead of setup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MLO can be enabled by configuring a wifi-iface section with multiple
radios, like this:
config wifi-iface
list radio 'radio0'
list radio 'radio1'
option mlo '1'
option ssid 'OpenWrt'
option mode 'ap'
option network 'lan'
...
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3a7878065829 system-dummy: add missing vrf functions
471d9d6abb6d CMakeLists.txt: bump minimum required version
c3a0255e2150 scripts: fix dummy mode on systems where libubox is in /usr/local
7a3b281230e4 update example mac80211 script and wireless config
d9f2dd2614f2 wireless: replace with ucode scripts
74c22601baad wireless: add MLO support to example scripts
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Correctly load the list of basic_rates from UCI. basic-rates shall be
stored as a option-list. The current code did not retrieve this list
correctly.
wpa_supplicant uses a different config option to set basic-rates
when operating in mesh-mode.
Use the correct config key and calculation for mesh-interfaces.
Signed-off-by: David Bauer <mail@david-bauer.net>
Override via RSNE is a relatively new feature, which can be used to enable
WPA3 features in a way that is invisible to older clients.
Use it by default to mask the GCMP-256 cipher from older clients, since
there are compatibility issues with existing devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For WIFI7 devices (such as mt7925e), the dev width is currently
always "20 MHz (no HT)" in monitor mode.
Add EHT and HE160 support to iw_htmode to fix this issue.
Additionally, the following changes are made:
1. Set iw_htmode to 160MHz for VHT160. The reason for the current
VHT160 setting is unclear and seems to have been in place for
over a decade (ibss_htmode [1]). If anyone knows its impact,
please inform me so I can restore it.
2. Modify MHZ to MHz. The original matching table in the current
iw tool uses MHz. Although the match is case-insensitive,
correcting this won't hurt.
[1]: 768d09be87
Signed-off-by: Ming Kuang <ming@imkuang.com>
Link: https://github.com/openwrt/openwrt/pull/18319
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
he_spr_psr_enabled is appended to hostapd.conf if it's enabled, but hostapd
doesn't support this config, it should be used as an internal flag to control
the he_spr_sr_control configuring.
Signed-off-by: Lix Zhou <xeontz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18025
Signed-off-by: John Crispin <john@phrozen.org>
Bringing up a mesh interface using wpa_supplicant already supports a
per-VIF basic rate selection. Add the same ability when creating a mesh
VIF without wpa_supplicant.
Signed-off-by: David Bauer <mail@david-bauer.net>
Basic rates were not set for mesh-interfaces, resulting in the undesired
behavior where 11s frames might be sent with a rate which was not
configured.
Depending on the driver, the basic rate might also be used to determine
the beacon rate configured to the chip. One such example are MediaTek
MT7915 platforms.
Signed-off-by: David Bauer <mail@david-bauer.net>
On some drivers, setting the tx power on the interface is not enough.
Set it for the phy as well.
Fixes: 04fb05914e ("wifi-scripts: add multi-radio config support")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Don't fail wireless interface bringup on empty PSK set. This is a valid
configuration, resulting in a PSK network which can't be connected to.
It does not fail the bringup of the hostapd process.
Keep failing the interface setup in case a password with invalid length
is used.
This is also beneficial when intending to configure a PPSK network. It
allows to create a network where no PPSK is yet set.
Signed-off-by: David Bauer <mail@david-bauer.net>
Link: https://github.com/openwrt/openwrt/pull/17197
Signed-off-by: John Crispin <john@phrozen.org>
With rxkh_file, hostapd will read a list of RxKHs from a text file.
This also makes it possible for hostapd to dynamically reload RxKHs.
RxKHs defined in rxkh_file should be formated as described in hostapd.conf,
with one entry per line.
R0KH/R1KH format:
r0kh=<MAC address> <NAS Identifier> <256-bit key as hex string>
r1kh=<MAC address> <R1KH-ID> <256-bit key as hex string>
Reworked behavior of the uci options r0kh and r1kh.
When rxkh_file is not configured:
Instead of appending the RxKHs to the hostapd bss configuration.
They will be added to a interface specific file with name
/var/run/hostapd-phyX-apX.rxkh.
This file will be used as the rxkh_file in the hostapd bss configuration.
When rxkh_file is configured:
The specified file will be used in the hostapd bss configuration,
and will be the only source for configured RxKHs.
All RxKHs defined with the uci options r0kh or r1kh will be ignored.
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The initialization of mesh interfaces currently fail when wpa_supplicant
is not installed. This is due to the script calling the wpa_supplicant
feature indicator without verifying wpa_supplicant is installed at all.
To avoid failing, first check if wpa_supplicant is installed before
determining the available featureset.
Signed-off-by: David Bauer <mail@david-bauer.net>
Regarding SAE support in wifi-station:
Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required
to make it work. With PSK, hostapd used to perform a brute-force match to find which
PSK entry to use, but with SAE this is infeasible due to SAE's design.
When `mac` is omitted, it will allow any MAC address to use the SAE password if it
didn't have a MAC address assigned to it, but this could only be done once.
The last wildcard entry would be used.
Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a),
it is not required to set `sae_pwe` to `0`. This gives it a slight advantage
over using PPSK that goes beyond not needing RADIUS.
Example Configuration:
```
config wifi-vlan
option iface default_radio0
option name 999
option vid 999
option network management
config wifi-station
# Allow user with MAC address 00:11:22:33:44:55 and matching
# key "secretadminpass" to access the management network.
option iface default_radio0
option vid 999
option mac '00:11:22:33:44:55'
option key secretadminpass
config wifi-vlan
option iface default_radio0
option name 100
option vid 100
option network guest
config wifi-station
# With SAE, when 'mac' is omitted it will be the fallback in case no
# other MAC address matches. It won't be possible for a user that
# has a matching MAC to use this network (i.e., 00:11:22:33:44:55
# in this example).
option iface default_radio0
option vid 100
option key guestpass
```
Regarding PSK file creation optimization:
This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`.
Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which
would create a new file if `wifi-station` was in use even if PSK was not enabled.
This change checks the `auth_type` to ensure that it is appropriate to parse the
`wifi-station` entries and create those files.
Furthermore, we now only configure `wpa_psk_file` when it is a supported option
(i.e., psk or psk-sae is used). Previously, we used to configure it when it was
not necessary. While it didn't cause any issues, it would litter `/var/run` with
unnecessary files. This patch fixes that case by configuring it depending on the
`auth_type`.
The new SAE support is aligned with these PSK file changes.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17145
Signed-off-by: John Crispin <john@phrozen.org>
Fixup capabilities parsing in iw output.
In addition to the normal capabilities iw now also outputs HE MAC, HE
PHY and EHT MAC and EHT PHY capabilities. Exclude them in the parsing.
The grep returns this with mac80211-hwsim:
```
root@OpenWrt:~# iw phy phy0 info | grep 'Capabilities:'
Capabilities: 0x107e
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bf000000000000000000):
Capabilities: 0x107e
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbf000000000000000000):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbf000000000000000000):
Capabilities: 0x107e
```
With busybox 1.36.1 the ht_cap_mask variable will be set to
-72057598332895361. With busybox 1.37.0 it will be set to -1.
Both values are wrong, after this change it will be set to 4222
(0x107E).
Link: https://github.com/openwrt/openwrt/pull/17043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This allows annotating wifi interfaces in the config in a way that can be
queried through wifi status. One example use case is to mark wifi interfaces
for use with specific services without having to explicitly reference the
(often unnamed) sections from elsewhere.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch allows the use of SAE when using PPSK after
https://w1.fi/cgit/hostap/commit/?id=fcbdaae8a52e542705a651ee78b39b02935fda20
added support for it.
It also implements a fix so that this option works with SAE. The reason this
doesn't work out of the box is because OpenWRT deviates from hostapd defaults
by setting `sae_pwe` option to 2 which makes this mode not function properly
(results in every auth attempt being denied).
That issue was addressed by not overriding hostapd's default for the `sae_pwe`
option when the PPSK option is in use. This should be fine because hostapd's
test cases specifically test this mode with the default SAE parameters. See:
https://w1.fi/cgit/hostap/commit/?id=c34b35b54e81dbacd9dee513b74604c87f93f6a3
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16343
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
