Most users on forums face a broken 802.11r setup when having
a very simple 802.11r config (i.e., just ieee80211r enabled).
In most cases, simply bumping reassociation_deadline to
20000 fixes their problems and allows 802.11r to just work.
Reassociation Deadline is already set to 20 seconds on Cisco
equipment by default[1] which is why this value has been
chosen.
It is also mentioned on the OpenWRT Wiki as a value that should
be changed in order for 802.11r to work on Apple devices. I think
it would be better to change the defaults instead so users don't
have to do much work for a working setup.
[1]: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Fixes: https://github.com/openwrt/openwrt/issues/7907
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20799
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is useful to alter the default ban time after an STA
association is rejected for being below RSSI threshold.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20811
Signed-off-by: Robert Marko <robimarko@gmail.com>
The CLI tools hostapd_cli and wpa_cli are compiled with
`TARGET_LDFLAGS_C` rather than the standard `TARGET_LDFLAGS`.
This variable is empty, leading to global linker options not being
applied.
Set this variable equal to `TARGET_LDFLAGS` right after the package.mk
include to make sure global linker options are applied, but local options
such as linking to crypto libraries are not.
Signed-off-by: Matthias Van Parys <matthias.vanparys@softathome.com>
Link: https://github.com/openwrt/openwrt/pull/20345
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently the path for setting 20MHz doesn't set ht_capab to '' at the
beginning which results in null in ht_capab in hostapd.conf.
Fix this by setting config.ht_capab to '' for 20MHz htmode.
Fixes: #20762
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/20768
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cbc8ff0e6226 github: ci: add powerpc arch
8eba02233133 github: ci: add cmake build and source directories
5f3104ea17ae github: ci: disable json-c tests
27ff42cd40f9 scripts: devel-build: disable json-c tests
e0a9d02b52d1 dhcpv6: DHCPV6_OPT_INFO_REFRESH contains a 4 byte option
5a02da9c1200 dhcpv6: use compile time resolved sizeof(struct in6_addr) for IPv6 values
cf203ceb3fc8 dhcpv6: set a static define for DUID max length
3627e85d1540 dhcpv6: set static defines for DHCPv6 option header size
ecb9a0243e77 odhcp6c: RFC comments
c284c587d37d all: spell fixes
1259a32d7e4d dhcpv6: dhcpv6_handle_reply switch case handling
227280a37853 dhcpv6: dhcpv6_handle_advert; migrate if blocks to switch case
b253f8907e72 dhcpv6: migrate to switch case for dhcpv6_handle_reply
61a54db802cb dhcpv6: migrate to switch case for dhcpv6_handle_reply
49c64bbe00ba all: drop CER_ID
16ce83075b2e dhcpv6: refactor u8 and u16 to u32 to avoid boolean coercion
e5690c1f13...cbc8ff0e62
Options related to homenet (EXT_CER_ID) have been removed, so drop them from
the package.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20791
This handles the case when 'wpad' or 'wpad-mini' package is used which is
missing WPA3 support. This makes it impossible to use ucode wifi-scripts
on such APs as it will raise an error:
daemon.err hostapd: Line 87: unknown configuration item 'sae_password_file'
This also achieves parity with what is currently happening with old wifi-scripts.
The behavior now matches.
Fixes: https://github.com/openwrt/openwrt/issues/20781
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20784
Signed-off-by: Robert Marko <robimarko@gmail.com>
Only set rsn_override_key_mgmt when rsn_override is enabled.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When encryption is set to 'sae' without explicit pairwise cipher in
non-HE/EHT mode, both the main RSNE and override RSNE would advertise
identical parameters (SAE+CCMP+MFP=2), adding unnecessary overhead.
Check that the pairwise ciphers differ before enabling override. This
preserves the intended behavior for HE/EHT modes (GCMP-256+CCMP vs CCMP)
while avoiding pointless override IEs.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The function was using phydev.name (e.g., "phy0.0") instead of
phydev.phy (e.g., "phy0") when calling wpa_supplicant.phy_set_macaddr_list.
This is inconsistent with all other wpa_supplicant ubus calls in the same
file which correctly use phydev.phy.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When an MLO interface specifies multiple radios and the first radio
is disabled, the MLO configuration was never created because the code
only attempted to create it when processing the first device in the
list (which gets skipped if disabled).
Fix by creating the MLO config for the first enabled device instead
of only when processing dev_names[0].
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Assign the address at wdev create time, similar to legacy interfaces.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ensure that the 4addr flag is passed to phy.wdev_add.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When using wpad-openssl/wpad-basic-openssl, wpa_supplicant/hostapd may not be ready because of openssl.
This cause supplicant.setup and hostapd.setup to be failed.
Therefore, wait for wpa_supplicant/hostapd to be ready before supplicant.setup and hostapd.setup.
Run-tested: mediatek/filogic GL-MT3000
fixes: #20361
Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use stationary_ap configuration for 6GHz AX AP (not only BE).
This change fixes the 6GHz network not visible issue for QCN9024.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Make it a little bit more consistant, and a bit more idiomatic.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The support has been removed from odhcpd, so remove the Makefile options
related to homenet.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
"system" is used to get the current time zone, "network" is used to get
the global DUID.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Support for this option has been removed from odhcpd, so remove it in
the defaults as well.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This exands the list of AKMs to display:
- display the hash when larger than the default (loosely based on
what hostapd uses in config).
- renaming 'WPA PSK2' to 'WPA PSK-SHA256' as a result
- separate FILS suites from plain 802.1x
- add suites 3, 5, 9, 19, 20, 24, and 25
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
Escape control characters when displaying ESSID. It is not uncommon for
a scan to encounter invalid SSIDs, containing binary data. Escape the
control characters to avoid messing the display (ENQ is particularly
bothersome).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
This adds the ESSID: line to the iwinfo scan results.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
This implements 65a1c666f2 ("hostapd: add SAE support for wifi-station
and optimize PSK file creation") and 913368a2 ("hostapd: add support for
SAE in PPSK option") for the ucode version as well.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/19965
Signed-off-by: Robert Marko <robimarko@gmail.com>
40563018dc87 iwinfo: print HT operation only if present
5f4c213fc59f iwinfo: export HE and EHT operation in scan results
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/20690
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently we unconditionally set it to 2.0 if 802.11ac and disregard
what the user set. This sets it to 2.0 only as a default in case
user didn't specify a tx_burst setting.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20565
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is useful if multiple passwords were specified without
the use of a SAE password identifier. This is the only
way to get multiple passwords for a single peer to work
without resorting to password identifiers.
Unfortunately, support for password identifiers is non-existent
on Android and macOS; and possibly others. So this is the only
option in that case.
As an alternative, one could also continue to use WPA2-PSK instead
as that could easily resort to a bruteforce approach without any
complications.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20597
Signed-off-by: Robert Marko <robimarko@gmail.com>
As this is generally only useful with "proxy_arp" enabled,
we default na_mcast_to_ucast to true if "proxy_arp" is already
enabled.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20596
Signed-off-by: Robert Marko <robimarko@gmail.com>
The raw option inside 'config wifi-iface' is called hostapd_bss_options,
not hostapd_options.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20657
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
`list address` entries in /etc/config/dhcp are sometimes (I'm not sure
about the exact conditions) passed to upstream resolver, bypassing local
resolution. Adding them (minus the IP) to --local prevents this. In the
configuration, this means that
# /etc/config/dhcp
list address '/hello.com/world.com/1.2.3.4'
list address '/foo.com/bar.com/4.3.2.1'
which previously translated into
# /var/etc/dnsmasq.conf.*
address=/hello.com/world.com/1.2.3.4
address=/foo.com/bar.com/4.3.2.1
now becomes
# /var/etc/dnsmasq.conf.*
address=/hello.com/world.com/1.2.3.4
local=/hello.com/world.com/
address=/foo.com/bar.com/4.3.2.1
local=/foo.com/bar.com/
This behaviour is controlled by the `address_as_local` boolean option, which
defaults to false (old behaviour). openwrt/luci#7957 adds support for this flag
to LuCI.
A workaround for a small list of domains is to add them to `option local`,
but this is very tedious to do for every `list address` entry and dnsmasq
limits this option to 1024 characters.
Signed-off-by: Marko Zajc <marko@zajc.tel>
Link: https://github.com/openwrt/openwrt/pull/18610
Signed-off-by: Robert Marko <robimarko@gmail.com>
Edit CMakeLists.txt to fulfill cmake 4.0 requirement that
cmake_minimum_required is now at least 3.5 and in future 3.10.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
d44af6dd8f4e dhcpv6: create struct dhcpv6_lease
4df45c8c3722 dhcpv4: create struct dhcpv4_lease
a6dccae41b60 odhcpd: struct lease -> struct lease_cfg
fc0abb66f122 dhcpv4: use leasetime from a->lease
74eeff193848 router: always use link-local src address for RAs
b9a071b8341f router: Rewrite the ingress MTU to one configured for the interface
1ef9e0e610d5 router: utilize interface ra_mtu for RA
1480c09ee0aa config: clamp ra_mtu to interface MTU, and default ra_mtu to interface MTU
ee4f0df6bd68 netlink: Store interface MTU at link change
d174e25e85a1 github: fix CI apt dependencies
8f393d55a76e odhcpd: more fixes for IID calculations
fc27940fe9...d44af6dd8f
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
b3e1db42b4db odhcp6c: fix safe interval processing to follow RFC 4862
63461f64d4c1 dhcpv6: always include IA_NA and IA_PD in Request message if requested
1051cabb4da3 dhcpv6: fix incorrect IA type being printed in syslog
c5237eabeb5c odhcp6c: prevent RELEASE at shutdown when -k is set
a01b1ff1e50f odhcp6c: fix client exiting if Renew and Rebind fails
4839bf6d0feb odhcp6c: implement RKAP: Reconfiguration Key Authentication Protocol
52a9a847def4 dhcpv6: fix solicit loop when server has no address available
7b1f67c23de6 ubus: implement ubus methods to force a Renew and Release
2b0e8f2d8541 ubus: implement retransmission configuration via ubus
8d89d373f360 odhcp6c: add failure when -E option is used without ubus support enabled
58f3c9eb1163 odhcp6c: add new argument option to disable script call
1048fc4fb622 reconfigure: move all configuration functions to a new file
93f056d3a1f2 reconfigure: implement DHCP reconfiguration
af669fb23cd3 dhcpv6: implement statistics for DHCPv6
3a1a599fecb7 ubus: implement UBus method to get state data immediately
44c50214997d ubus: emit UBus event on DHCP state changes
33b972bc526a ubus: connect to UBus backend
2f609f248faf odhcp6c: implement asynchronous handling for DHCPv6 State
6466314e7f62 odhcp6c: enable Non-Blocking DHCPv6 Socket
1df65f0caf46 dhcpv6: refactor dhcp_request Function
047c63a8156b dhcpv6: add t1 and t2 transmission
1b5f0c402bbf dscp: add option to set dscp value
96017df54d8f dhcpv6: fix wrong retransmission of DHCPv6 Solicit
b929fc8a1cfd odhcp6c: add a simple build script
adc651ffed55 cmake: make libubox mandatory
5182e2b696ef cmake: drop EXT_PREFIX_CLASS
8d052c52e18d cmake: disable pedantic
f2521b296b21 github: fix CI apt dependencies
77e1ae21e6...b3e1db42b4
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
If proto 'dhcpv6' is set for an interface, dynamic interfaces are created
for the protocols map, dslite or 464xlat if this netifd protocols are
installed and the interface option is not explicitly set to '0'.
The problem is that this option cannot be configured via LuCI, which means
that the dynamic protocols are started. In my case, that is the '464xlat'
'6in4' protocol. I see the follwing log messages continuously in the log as
I do not have a '464xlat' in my network.
Fri Aug 22 10:36:33 2025 daemon.notice netifd: Interface 'wan6_4' is now down
Fri Aug 22 10:36:33 2025 daemon.notice netifd: Interface 'wan6_4' is setting up now
Fri Aug 22 10:36:36 2025 daemon.notice netifd: Interface 'wan6_4' is now down
Fri Aug 22 10:36:36 2025 daemon.notice netifd: Interface 'wan6_4' is setting up now
To fix this by adding a new option to disable the dynamic interface creation
for '4in6' if needed. The option is named '4in6_dynamic' and is a boolean.
If the new option is 'true' (default) dynamic interfaces are create.
If the new option set to 'false' no dynamic 4in6 interface are created.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The variable definitions are very confusing. Therefore, this commit groups
them together so that the line length is not exceeded.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This allow configuring the MTU of the ds-lite tunnel.
Updates #8190
Signed-off-by: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20606
Signed-off-by: Robert Marko <robimarko@gmail.com>
This allows wpa_supplicant to process pending netlink socket messages
first. Without this change, there is a race condition where the newly
created interface processes netlink events from the removal of the
previous interface.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it possible to have more flexible control over the supplicant
without having to install wpa_cli.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
AUTORELEASE has been deprecated from a long time. Drop it and hardcode
the release following the current one present in the downloads
repository.
Link: https://github.com/openwrt/openwrt/pull/20586
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
