Commit Graph

1048 Commits

Author SHA1 Message Date
Rany Hany
a7790ce410 wifi-scripts: bump reassociation_deadline default to 20000
Most users on forums face a broken 802.11r setup when having
a very simple 802.11r config (i.e., just ieee80211r enabled).

In most cases, simply bumping reassociation_deadline to
20000 fixes their problems and allows 802.11r to just work.

Reassociation Deadline is already set to 20 seconds on Cisco
equipment by default[1] which is why this value has been
chosen.

It is also mentioned on the OpenWRT Wiki as a value that should
be changed in order for 802.11r to work on Apple devices. I think
it would be better to change the defaults instead so users don't
have to do much work for a working setup.

[1]: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html

Fixes: https://github.com/openwrt/openwrt/issues/7907
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20799
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-11-19 18:54:27 +01:00
Rany Hany
b947064db4 wifi-scripts: allow rssi_reject_assoc_timeout to be configured
This is useful to alter the default ban time after an STA
association is rejected for being below RSSI threshold.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20811
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-19 13:57:30 +01:00
Zhi-Jun You
7ea377ed71 wifi-scripts: ucode: fix init value of config.ht_capab under 20MHz
Currently the path for setting 20MHz doesn't set ht_capab to '' at the
beginning which results in null in ht_capab in hostapd.conf.

Fix this by setting config.ht_capab to '' for 20MHz htmode.

Fixes: #20762

Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/20768
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-11-15 19:45:37 +01:00
Rany Hany
6df060ba4a wifi-scripts: ucode: create wpa_psk_file and sae_password_file when needed
This handles the case when 'wpad' or 'wpad-mini' package is used which is
missing WPA3 support. This makes it impossible to use ucode wifi-scripts
on such APs as it will raise an error:

   daemon.err hostapd: Line 87: unknown configuration item 'sae_password_file'

This also achieves parity with what is currently happening with old wifi-scripts.
The behavior now matches.

Fixes: https://github.com/openwrt/openwrt/issues/20781
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20784
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-15 11:13:36 +01:00
Felix Fietkau
92445cc982 wifi-scripts: respect rsn_override=0 in mixed modes
Only set rsn_override_key_mgmt when rsn_override is enabled.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-11-13 12:41:42 +00:00
Felix Fietkau
ff44aa490a wifi-scripts: only enable RSN override when parameters differ
When encryption is set to 'sae' without explicit pairwise cipher in
non-HE/EHT mode, both the main RSNE and override RSNE would advertise
identical parameters (SAE+CCMP+MFP=2), adding unnecessary overhead.

Check that the pairwise ciphers differ before enabling override. This
preserves the intended behavior for HE/EHT modes (GCMP-256+CCMP vs CCMP)
while avoiding pointless override IEs.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-11-13 12:26:59 +00:00
Felix Fietkau
75791ea634 wifi-scripts: fix MLO AP setup with disabled radios
When an MLO interface specifies multiple radios and the first radio
is disabled, the MLO configuration was never created because the code
only attempted to create it when processing the first device in the
list (which gets skipped if disabled).

Fix by creating the MLO config for the first enabled device instead
of only when processing dev_names[0].

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-11-13 11:56:39 +00:00
Felix Fietkau
d619ff6872 wifi-scripts: fix wds client mode with MLO
Ensure that the 4addr flag is passed to phy.wdev_add.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-11-13 11:56:39 +00:00
Andy Chiang
00e881451a wifi-scripts: ucode: fix start failed
When using wpad-openssl/wpad-basic-openssl, wpa_supplicant/hostapd may not be ready because of openssl.
This causes supplicant.setup and hostapd.setup to fail.
Therefore, wait for wpa_supplicant/hostapd to be ready before supplicant.setup and hostapd.setup.

Run-tested: mediatek/filogic GL-MT3000
fixes: #20361

Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-11-12 13:45:50 +01:00
Paweł Owoc
cc3e211264 wifi-scripts: use stationary_ap conf for AX mode
Use stationary_ap configuration for 6GHz AX AP (not only BE).
This change fixes the 6GHz network not visible issue for QCN9024.

Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
2025-11-12 12:14:53 +01:00
Andy Chiang
4ad22d0342 firewall: config: add dest addr restrictions for DHCPv6 rules
Some ISPs may use a GUA or other non-LLA as the source addr for the DHCPv6 response, but the destination addr is always LLA (fe80::/10).
Therefore, adding a dest addr restriction improves security.
See https://forum.mikrotik.com/t/xfinity-comcast-dhcpv6-configuration-change/156031/10

Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/20562
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-10 15:23:16 +01:00
Rany Hany
df338d67d4 wifi-scripts: allow sae_password_file to be configured
Adds missing config_add_string for sae_password_file.

Fixes: 65a1c666f2 ("hostapd: add SAE support for wifi-station and optimize PSK file creation")
Fixes: https://github.com/openwrt/openwrt/issues/19717
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/19964
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-10 15:21:45 +01:00
Eneas U de Queiroz
0b9111301b wifi-scripts: ucode: iwinfo: expand AKM display
This expands the list of AKMs to display:
 - display the hash when larger than the default (loosely based on
   what hostapd uses in config).
   - renaming 'WPA PSK2' to 'WPA PSK-SHA256' as a result
 - separate FILS suites from plain 802.1x
 - add suites 3, 5, 9, 19, 20, 24, and 25

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-10 11:46:55 +01:00
Eneas U de Queiroz
988b2ed515 wifi-scripts: ucode: iwinfo: escape control chars
Escape control characters when displaying ESSID.  It is not uncommon for
a scan to encounter invalid SSIDs, containing binary data.  Escape the
control characters to avoid messing the display (ENQ is particularly
bothersome).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-10 11:46:55 +01:00
Eneas U de Queiroz
e50703d033 wifi-scripts: ucode: iwinfo: show ESSID in scan
This adds the ESSID: line to the iwinfo scan results.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-10 11:46:55 +01:00
Rany Hany
4c5df354df wifi-scripts: ucode: add SAE support for wifi-station and PPSK
This implements 65a1c666f2 ("hostapd: add SAE support for wifi-station
and optimize PSK file creation") and 913368a2 ("hostapd: add support for
SAE in PPSK option") for the ucode version as well.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/19965
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-08 12:09:31 +01:00
Rany Hany
372fc5419c wifi-scripts: ucode: fix setting tx_queue_data2_burst in config
Currently we unconditionally set it to 2.0 if 802.11ac and disregard
what the user set. This sets it to 2.0 only as a default in case
user didn't specify a tx_burst setting.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20565
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-07 21:18:15 +01:00
Rany Hany
8e457b69a2 wifi-scripts: add sae_track_password option
This is useful if multiple passwords were specified without
the use of a SAE password identifier. This is the only
way to get multiple passwords for a single peer to work
without resorting to password identifiers.

Unfortunately, support for password identifiers is non-existent
on Android and macOS; and possibly others. So this is the only
option in that case.

As an alternative, one could also continue to use WPA2-PSK instead
as that could easily resort to a bruteforce approach without any
complications.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20597
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-07 21:17:04 +01:00
Rany Hany
bcdb29f78f wifi-scripts: add na_mcast_to_ucast option
As this is generally only useful with "proxy_arp" enabled,
we default na_mcast_to_ucast to true if "proxy_arp" is already
enabled.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20596
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-11-07 21:15:09 +01:00
Eneas U de Queiroz
ed3f84e091 wifi-scripts: ucode: fix hostapd_bss_options
The raw option inside 'config wifi-iface' is called hostapd_bss_options,
not hostapd_options.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20657
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2025-11-07 19:41:01 +01:00
Leon M. Busch-George
66e5e9671f wifi-scripts: ucode: fix check for empty crypto object while scanning
it can be empty

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/20526
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-10-27 14:22:58 +01:00
Felix Fietkau
4c50648f72 netifd: update to Git HEAD (2025-10-20)
df2f5c9a30f8 veth: delete device before creation to handle stale state
b6d371f30770 system-linux: handle RTM_DELLINK events for device state tracking
777f5942fa7d system-linux: only parse device status for AF_UNSPEC link messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-21 07:24:46 +02:00
Felix Fietkau
a1f42ab3c7 wifi-scripts: ucode: add missing bssid for adhoc interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-20 10:50:01 +02:00
Felix Fietkau
6797cabb79 wifi-scripts: ucode: prefer basic rates from iface over device
Sync with the behavior from the legacy scripts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-20 10:50:01 +02:00
Felix Fietkau
94fb40941b wifi-scripts: ucode: fix issues in mesh setup without supplicant
- Add missing frequency
- Call the correct function for htmode

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-20 10:50:01 +02:00
Aleksander Jan Bajkowski
1035615731 wifi-scripts: ucode: export HE and EHT operation in scan results
Export WiFi 6E (HE) and WiFi 7 (EHT) operation data in scan results.
These additional data can be useful to check wifi channel utilization
by nearby stations.

Example:
Cell 32 - Address: xx:xx:xx:xx:xx:xx
          Mode: Master  Frequency: 6.115 GHz  Band: 6 GHz  Channel: 33
          Signal: -14 dBm  Quality: 70/70
          Encryption: SAE (CCMP)
          HE Operation:
                Center Frequency 1: 39
                Center Frequency 2: 47
                Channel Width: 160 MHz
          EHT Operation:
                Center Frequency 1: 47
                Center Frequency 2: 63
                Channel Width: 320 MHz

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/19208
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-10-20 00:38:50 +02:00
David Härdeman
9151c7015e netifd: use the global DHCP DUID for DHCPv4
This makes the DHCPv4 client use the global DHCP DUID to generate a
RFC4361-style client identifier.

Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20359
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-10-19 19:46:22 +02:00
Felix Fietkau
0fe9484fed wifi-scripts: ucode: add support for WPS client
Fixes unwanted fallback to unencrypted network.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-15 09:56:33 +02:00
Zhi-Jun You
6a68c2fef0 wifi-scripts: ucode: fix airtime_mode with hostapd-mini
Currently wifi-scripts ucode appends airtime_mode to hostapd config file
unconditionally.
However this breaks bringing up interface with hostapd-mini
because the mini variant doesn't support airtime policy.

Fix this by changing the script to append airtime_mode only when
airtime_mode is set to greater than zero value in /etc/config/wireless.

Fixes: #20136
Fixes: #20314

Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
2025-10-13 10:56:39 +02:00
Felix Fietkau
09ae2daa7c netifd: update to Git HEAD (2025-10-06)
649028013a3c config: fix overriding bridge-vlan sections via procd data

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-06 09:56:27 +02:00
Hauke Mehrtens
eadb0df58d firewall: update to Git HEAD (2025-10-03)
3a65fde5a3e6 build: require CMake >= 3.10 due to dropped legacy support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-10-04 12:04:17 +02:00
Felix Fietkau
727d8b27ab wifi-scripts: retry setup of wireless devices that show up late
When a phy appears after setup has already been attempted, tell netifd
to retry setup for all failed wireless devices.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-02 13:30:31 +02:00
Felix Fietkau
915a57ccd9 netifd: send event after running wireless handler
This can be used by other services to trigger reconfiguration, or detect when
PHY renaming has been performed.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-02 11:04:38 +02:00
Felix Fietkau
8c399b4905 wifi-scripts: ucode: only set a hostapd config if it has interfaces
Do not pass invalid configs to hostapd.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-02 10:47:34 +02:00
Felix Fietkau
4b7323e3bf netifd: always call setup for disabled radios
Ensures that renaming is handled properly. For disabled radios, setup is
performed with an empty list of interfaces.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-02 10:47:34 +02:00
Felix Fietkau
a60bc69acd netifd: update to Git HEAD (2025-09-30)
c3bf8fd913a4 interface: fix reload for devices that point to vlan aliases
22216cac7c94 bridge: fix reload when ports refer to aliased vlans on another bridge
ecca21ca07dd system: add logging wrappers for basic system functions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-01 10:08:54 +02:00
Felix Fietkau
3d8d525b21 wifi-scripts: ucode: add support for setting Multi-AP profile/vlanid
Required for Profile-2 support.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-10-01 10:08:54 +02:00
Felix Fietkau
d761f6a5a5 wifi-scripts: ucode: add start_disabled for AP mode
Enable it, whenever the AP needs to wait for a supplicant instance.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-29 12:37:02 +02:00
Felix Fietkau
37770c503b wifi-scripts: force wmm_enabled to 1 in AP mode, remove option
There are no supported drivers where it even makes sense to disable WMM
anymore, since so much depends on it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-28 18:17:35 +02:00
Felix Fietkau
0da0a6c449 wifi-scripts: ucode: fix r0kh/r1kh parsing
The option is an array, and for each entry there should be one generated
line in hostapd.conf. Commas also need to be replaced with whitespace

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-25 13:03:41 +02:00
Felix Fietkau
ce3ab2646b wifi-scripts: ucode: add support for the legacy hwmode option
Some configs that are many years old still have it set instead of band

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-25 09:41:25 +02:00
Felix Fietkau
9aca8a97d7 wpa_supplicant: add MLO client support
Can also be used for a client mode interface that is able to connect on
multiple bands individually, while handling hostapd state for the correct
band.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-24 13:45:59 +02:00
Felix Fietkau
b11a6a1c5a wifi-scripts: ucode: fix client mode scan list support
- fix the variable name in the configuration file
- provide a default scan list in case the user did not configure it (MLO preparation)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-24 13:45:40 +02:00
Felix Fietkau
009a9e0478 wifi-scripts: simplify MLO handling
Move mlo specific hostapd ubus call from wireless handler to netifd core
ucode script. This avoids unnecessary queueing and the fake MLO wireless
device.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-24 13:45:40 +02:00
Felix Fietkau
04e9929c47 wifi-scripts: enable ucode scripts by default
They are required for MLO support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-24 13:45:40 +02:00
Felix Fietkau
bd80c05c11 netifd/wifi-scripts: use shared global connection for ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-24 13:45:40 +02:00
Felix Fietkau
125c974bf7 netifd: update to Git HEAD (2025-09-12)
2a85440bcd82 netifd: fix misplaced ")"

Fixes: https://github.com/openwrt/netifd/issues/54
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-12 11:29:07 +02:00
Oldřich Jedlička
41aceb2de8 wifi-scripts: ucode: print unknown ssid as unknown
Currently it is printed as "null" (including quotes). Display it the same
as old iwinfo as unknown (no quotes).

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2025-09-02 09:48:35 +02:00
Oldřich Jedlička
1756dddb9f wifi-scripts: ucode: fix dynamic_vlan value handling
The dynamic_vlan has values 0 (disabled), 1 (optional) and 2 (required).

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2025-09-02 09:33:19 +02:00
Oldřich Jedlička
2146f5c31f wifi-scripts: ucode: set default wildcard mac for wifi-station
When creating the PSK file, the old script sets `mac` to
`00:00:00:00:00:00` when `mac` is not specified (see [here][1]),
creating hostapd configuration lines like:

  vlanid=10 00:00:00:00:00:00 MyStrongPassword

That matches any MAC address (a wildcard). The `ucode` script alternative
misses the default, so set it.

[1]: 9c26d14489/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh (L428)

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-09-02 09:31:56 +02:00