hostapd/RADIUS_server: enhance logging

Currently, logging level of the RADIUS server is a constant corresponding
to the highest verbosity (EXCESSIVE, ALL), but when running as a system
service, the output is discarded.

This commit makes logging verbosity configurable by `log_level` option
and redirects all logs to `logd`. Possible levels are defined in hostap
sources:
https://w1.fi/cgit/hostap/tree/src/utils/wpa_debug.h?id=012a893c469157d5734f6f33953497ea6e3b0169#n23
Their reference is inlined in `radius.config` file.

Default value for logging verbosity is INFO (even if the `-l` flag isn't
specified).

Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>

diff --git a/package/network/services/hostapd/files/radius.config b/package/network/services/hostapd/files/radius.config
index a66fc2a9ac06aea0cb6634f00004cd596a71df98..9c26b751f2555530094358017dfa7e4b664c4bdf 100644 (file)
--- a/package/network/services/hostapd/files/radius.config
+++ b/package/network/services/hostapd/files/radius.config
@@ -1,6 +1,17 @@
 config radius
        option disabled '1'
        option ipv6 '1'
+
+       # Logging levels:
+       #   0: ALL
+       #   1: MSGDUMP
+       #   2: DEBUG
+       #   3: INFO
+       #   4: WARNING
+       #   5: ERROR
+       # Default: INFO
+       option log_level '3'
+
        option ca_cert '/etc/radius/ca.pem'
        option cert '/etc/radius/cert.pem'
        option key '/etc/radius/key.pem'

diff --git a/package/network/services/hostapd/files/radius.init b/package/network/services/hostapd/files/radius.init
index b594993a562f67a1ff556a364aae56271d4a37a1..29f687c93f21af0f54cfb09a9bdd74608f935546 100644 (file)
--- a/package/network/services/hostapd/files/radius.init
+++ b/package/network/services/hostapd/files/radius.init
@@ -13,6 +13,7 @@ radius_start() {
        [ "$disabled" -gt 0 ] && return
 
        config_get_bool ipv6 "$cfg" ipv6 1
+       config_get log_level "$cfg" log_level 3
        config_get ca "$cfg" ca_cert
        config_get key "$cfg" key
        config_get cert "$cfg" cert
@@ -24,12 +25,14 @@ radius_start() {
 
        procd_open_instance $cfg
        procd_set_param command /usr/sbin/hostapd-radius \
-               -C "$ca" \
+               -l "$log_level" -C "$ca" \
                -c "$cert" -k "$key" \
                -s "$clients" -u "$users" \
                -p "$auth_port" -P "$acct_port" \
                -i "$identity"
        [ "$ipv6" -gt 0 ] && procd_append_param command -6
+       procd_set_param stdout 1
+       procd_set_param stderr 1
        procd_close_instance
 }
 

diff --git a/package/network/services/hostapd/src/hostapd/radius.c b/package/network/services/hostapd/src/hostapd/radius.c
index 362a22c276e38fdb77bc0fef58113fd255f806b3..7685d4d67433beac0ec765af4b1c05c5b554bc27 100644 (file)
--- a/package/network/services/hostapd/src/hostapd/radius.c
+++ b/package/network/services/hostapd/src/hostapd/radius.c
@@ -624,7 +624,6 @@ int radius_main(int argc, char **argv)
        int ch;
 
        wpa_debug_setup_stdout();
-       wpa_debug_level = 0;
 
        if (eloop_init()) {
                wpa_printf(MSG_ERROR, "Failed to initialize event loop");
@@ -634,11 +633,14 @@ int radius_main(int argc, char **argv)
        eap_server_register_methods();
        radius_init(&state);
 
-       while ((ch = getopt(argc, argv, "6C:c:d:i:k:K:p:P:s:u:")) != -1) {
+       while ((ch = getopt(argc, argv, "6l:C:c:d:i:k:K:p:P:s:u:")) != -1) {
                switch (ch) {
                case '6':
                        config.radius.ipv6 = 1;
                        break;
+               case 'l':
+                       wpa_debug_level = atoi(optarg);
+                       break;
                case 'C':
                        config.tls.ca_cert = optarg;
                        break;