From: Rany Hany Date: Mon, 10 Feb 2025 10:25:41 +0000 (+0000) Subject: hostapd: update to version 2025-02-09 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=4779b731d4ecbb351f1cff918a4a1a2c069fb3b1;p=openwrt%2Fstaging%2Fstintel.git hostapd: update to version 2025-02-09 Manually refreshed: 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch 110-mbedtls-TLS-crypto-option-initial-port.patch 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch 301-mesh-noscan.patch 601-ucode_support.patch 780-Implement-APuP-Access-Point-Micro-Peering.patch Dropped upstreamed: 330-nl80211_fix_set_freq.patch 804-hostapd-Fix-clearing-up-settings-for-color-switch.patch Automatically rebased all other patches. Tested-by: Rany Hany # ramips_mt7621/asus_rt-ax53u, mt7622/xiaomi_redmi-router-ax6s Tested-by: Andre Heider # filogic/openwrt_one, ramips_mt7621/netgear_wac124 Tested-by: Agustin Lorenzo # qualcommax/ipq807x (AX3600) Tested-by: Daniel Pawlik # BPi-R4 with mt7996 Signed-off-by: Rany Hany --- diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 58c18a9088..e2a0a1e70a 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -5,13 +5,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_RELEASE:=3 +PKG_RELEASE:=1 PKG_SOURCE_URL:=https://w1.fi/hostap.git PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2024-09-15 -PKG_SOURCE_VERSION:=5ace39b0a4cdbe18ddbc4e18f80ee3876233c20b -PKG_MIRROR_HASH:=43187d1ddd923970ef3821a0fe267880c2483f6f1a5acd0dd2d7906661ab1372 +PKG_SOURCE_DATE:=2025-02-09 +PKG_SOURCE_VERSION:=c8c7d56a3d3c4ca79bcbb6a87f372ce4bc2e9f11 +PKG_MIRROR_HASH:=fafdef456a545bd1de0cbd7b68b520e5be7e70ad1aab7ef051b1fc5ccaaa012a PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-3-Clause @@ -158,7 +158,7 @@ define Package/hostapd/Default CATEGORY:=Network SUBMENU:=WirelessAPD TITLE:=IEEE 802.1x Authenticator - URL:=http://hostap.epitest.fi/ + URL:=https://w1.fi/hostapd/ DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS) EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-r$(PKG_RELEASE)) USERID:=network=101:network=101 @@ -267,7 +267,7 @@ define Package/wpad/Default DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS) EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-r$(PKG_RELEASE)) USERID:=network=101:network=101 - URL:=http://hostap.epitest.fi/ + URL:=https://w1.fi/ PROVIDES:=hostapd wpa-supplicant CONFLICTS:=$(HOSTAPD_PROVIDERS) $(SUPPLICANT_PROVIDERS) HOSTAPD_PROVIDERS+=$(1) @@ -408,7 +408,7 @@ define Package/wpa-supplicant/Default CATEGORY:=Network SUBMENU:=WirelessAPD TITLE:=WPA Supplicant - URL:=http://hostap.epitest.fi/wpa_supplicant/ + URL:=https://w1.fi/wpa_supplicant/ DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS) EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-r$(PKG_RELEASE)) USERID:=network=101:network=101 @@ -506,7 +506,7 @@ define Package/hostapd-utils CATEGORY:=Network SUBMENU:=WirelessAPD TITLE:=IEEE 802.1x Authenticator (utils) - URL:=http://hostap.epitest.fi/ + URL:=https://w1.fi/hostapd/ DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(HOSTAPD_PROVIDERS),PACKAGE_$(pkg))) VARIANT:=* endef diff --git a/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch b/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch index d20a6d76d4..9eef846f82 100644 --- a/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch +++ b/package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch @@ -14,7 +14,7 @@ Signed-off-by: Peter Oh --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2831,7 +2831,7 @@ static int drv_supports_vht(struct wpa_s +@@ -2972,7 +2972,7 @@ static int drv_supports_vht(struct wpa_s } @@ -23,7 +23,7 @@ Signed-off-by: Peter Oh { int i; -@@ -2840,7 +2840,10 @@ static bool ibss_mesh_is_80mhz_avail(int +@@ -2981,7 +2981,10 @@ static bool ibss_mesh_is_80mhz_avail(int chan = hw_get_channel_chan(mode, i, NULL); if (!chan || @@ -35,7 +35,7 @@ Signed-off-by: Peter Oh return false; } -@@ -2967,7 +2970,7 @@ static void ibss_mesh_select_40mhz(struc +@@ -3108,7 +3111,7 @@ static void ibss_mesh_select_40mhz(struc const struct wpa_ssid *ssid, struct hostapd_hw_modes *mode, struct hostapd_freq_params *freq, @@ -44,7 +44,7 @@ Signed-off-by: Peter Oh int chan_idx; struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL; int i, res; -@@ -2991,8 +2994,11 @@ static void ibss_mesh_select_40mhz(struc +@@ -3132,8 +3135,11 @@ static void ibss_mesh_select_40mhz(struc return; /* Check primary channel flags */ @@ -57,7 +57,7 @@ Signed-off-by: Peter Oh #ifdef CONFIG_HT_OVERRIDES if (ssid->disable_ht40) -@@ -3018,8 +3024,11 @@ static void ibss_mesh_select_40mhz(struc +@@ -3159,8 +3165,11 @@ static void ibss_mesh_select_40mhz(struc return; /* Check secondary channel flags */ @@ -70,7 +70,7 @@ Signed-off-by: Peter Oh if (ht40 == -1) { if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS)) -@@ -3074,7 +3083,7 @@ static bool ibss_mesh_select_80_160mhz(s +@@ -3236,7 +3245,7 @@ static bool ibss_mesh_select_80_160mhz(s const struct wpa_ssid *ssid, struct hostapd_hw_modes *mode, struct hostapd_freq_params *freq, @@ -79,7 +79,7 @@ Signed-off-by: Peter Oh static const int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5825, 5955, 6035, 6115, 6195, 6275, 6355, 6435, -@@ -3119,7 +3128,7 @@ static bool ibss_mesh_select_80_160mhz(s +@@ -3286,7 +3295,7 @@ static bool ibss_mesh_select_80_160mhz(s goto skip_80mhz; /* Use 40 MHz if channel not usable */ @@ -88,7 +88,7 @@ Signed-off-by: Peter Oh goto skip_80mhz; chwidth = CONF_OPER_CHWIDTH_80MHZ; -@@ -3133,7 +3142,7 @@ static bool ibss_mesh_select_80_160mhz(s +@@ -3300,7 +3309,7 @@ static bool ibss_mesh_select_80_160mhz(s if ((mode->he_capab[ieee80211_mode].phy_cap[ HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] & HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz && @@ -97,7 +97,20 @@ Signed-off-by: Peter Oh for (j = 0; j < ARRAY_SIZE(bw160); j++) { if (freq->freq == bw160[j]) { chwidth = CONF_OPER_CHWIDTH_160MHZ; -@@ -3161,10 +3170,12 @@ static bool ibss_mesh_select_80_160mhz(s +@@ -3317,9 +3326,9 @@ static bool ibss_mesh_select_80_160mhz(s + if ((mode->eht_capab[ieee80211_mode].phy_cap[ + EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] & + EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK) && is_6ghz && +- ibss_mesh_is_80mhz_avail(channel + 16, mode) && +- ibss_mesh_is_80mhz_avail(channel + 32, mode) && +- ibss_mesh_is_80mhz_avail(channel + 48, mode)) { ++ ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled) && ++ ibss_mesh_is_80mhz_avail(channel + 32, mode, dfs_enabled) && ++ ibss_mesh_is_80mhz_avail(channel + 48, mode, dfs_enabled)) { + for (j = 0; j < ARRAY_SIZE(bw320); j += 2) { + if (freq->freq >= bw320[j] && + freq->freq <= bw320[j + 1]) { +@@ -3348,10 +3357,12 @@ static bool ibss_mesh_select_80_160mhz(s if (!chan) continue; @@ -113,7 +126,7 @@ Signed-off-by: Peter Oh /* Found a suitable second segment for 80+80 */ chwidth = CONF_OPER_CHWIDTH_80P80MHZ; -@@ -3219,6 +3230,7 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -3406,6 +3417,7 @@ void ibss_mesh_setup_freq(struct wpa_sup int obss_scan = 1; u8 channel; bool is_6ghz, is_24ghz; @@ -121,7 +134,7 @@ Signed-off-by: Peter Oh freq->freq = ssid->frequency; -@@ -3261,9 +3273,9 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -3448,9 +3460,9 @@ void ibss_mesh_setup_freq(struct wpa_sup freq->channel = channel; /* Setup higher BW only for 5 GHz */ if (mode->mode == HOSTAPD_MODE_IEEE80211A) { diff --git a/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch b/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch index bfc30e2842..9d925cd8c6 100644 --- a/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch +++ b/package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch @@ -68,7 +68,7 @@ Signed-off-by: Markus Theil chan_idx, num_available_chandefs); --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -11465,6 +11465,10 @@ static int nl80211_switch_channel(void * +@@ -11656,6 +11656,10 @@ static int nl80211_switch_channel(void * if (ret) goto error; diff --git a/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch b/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch index b5551f50e6..a5aa688efb 100644 --- a/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch +++ b/package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch @@ -4,7 +4,7 @@ Subject: [PATCH] fix adding back stations after a missed deauth/disassoc --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -4784,6 +4784,13 @@ static int add_associated_sta(struct hos +@@ -4894,6 +4894,13 @@ static int add_associated_sta(struct hos * drivers to accept the STA parameter configuration. Since this is * after a new FT-over-DS exchange, a new TK has been derived, so key * reinstallation is not a concern for this case. @@ -18,7 +18,7 @@ Subject: [PATCH] fix adding back stations after a missed deauth/disassoc */ wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)", -@@ -4797,7 +4804,8 @@ static int add_associated_sta(struct hos +@@ -4907,7 +4914,8 @@ static int add_associated_sta(struct hos (!(sta->flags & WLAN_STA_AUTHORIZED) || (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) || (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) && diff --git a/package/network/services/hostapd/patches/050-Fix-OpenWrt-13156.patch b/package/network/services/hostapd/patches/050-Fix-OpenWrt-13156.patch index 2492e480fb..584dd3b2f8 100644 --- a/package/network/services/hostapd/patches/050-Fix-OpenWrt-13156.patch +++ b/package/network/services/hostapd/patches/050-Fix-OpenWrt-13156.patch @@ -20,7 +20,7 @@ Signed-off-by: Stijn Tintel --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -4055,6 +4055,8 @@ int hostapd_remove_iface(struct hapd_int +@@ -4075,6 +4075,8 @@ int hostapd_remove_iface(struct hapd_int void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, int reassoc) { @@ -29,7 +29,7 @@ Signed-off-by: Stijn Tintel if (hapd->tkip_countermeasures) { hostapd_drv_sta_deauth(hapd, sta->addr, WLAN_REASON_MICHAEL_MIC_FAILURE); -@@ -4062,10 +4064,16 @@ void hostapd_new_assoc_sta(struct hostap +@@ -4082,10 +4084,16 @@ void hostapd_new_assoc_sta(struct hostap } #ifdef CONFIG_IEEE80211BE @@ -48,10 +48,10 @@ Signed-off-by: Stijn Tintel + hostapd_prune_associations(hapd, sta->addr, mld_assoc_link_id); ap_sta_clear_disconnect_timeouts(hapd, sta); - sta->post_csa_sa_query = 0; + ap_sta_clear_assoc_timeout(hapd, sta); --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c -@@ -1485,9 +1485,6 @@ bool ap_sta_set_authorized_flag(struct h +@@ -1552,9 +1552,6 @@ bool ap_sta_set_authorized_flag(struct h mld_assoc_link_id = -2; } #endif /* CONFIG_IEEE80211BE */ diff --git a/package/network/services/hostapd/patches/051-nl80211-add-extra-ies-only-if-allowed-by-driver.patch b/package/network/services/hostapd/patches/051-nl80211-add-extra-ies-only-if-allowed-by-driver.patch index 46ee6234be..cba6614633 100644 --- a/package/network/services/hostapd/patches/051-nl80211-add-extra-ies-only-if-allowed-by-driver.patch +++ b/package/network/services/hostapd/patches/051-nl80211-add-extra-ies-only-if-allowed-by-driver.patch @@ -26,7 +26,7 @@ Signed-off-by: David Bauer --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -2390,6 +2390,9 @@ struct wpa_driver_capa { +@@ -2411,6 +2411,9 @@ struct wpa_driver_capa { /** Maximum number of iterations in a single scan plan */ u32 max_sched_scan_plan_iterations; @@ -38,7 +38,7 @@ Signed-off-by: David Bauer --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c -@@ -976,6 +976,10 @@ static int wiphy_info_handler(struct nl_ +@@ -984,6 +984,10 @@ static int wiphy_info_handler(struct nl_ nla_get_u32(tb[NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS]); } @@ -59,4 +59,4 @@ Signed-off-by: David Bauer + if (params->extra_ies && drv->capa.max_scan_ie_len >= params->extra_ies_len) { wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", params->extra_ies, params->extra_ies_len); - if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, + if (params->extra_ies_len > drv->capa.max_probe_req_ie_len) diff --git a/package/network/services/hostapd/patches/052-AP-add-missing-null-pointer-check-in-hostapd_free_ha.patch b/package/network/services/hostapd/patches/052-AP-add-missing-null-pointer-check-in-hostapd_free_ha.patch index 01a0fba600..350411be54 100644 --- a/package/network/services/hostapd/patches/052-AP-add-missing-null-pointer-check-in-hostapd_free_ha.patch +++ b/package/network/services/hostapd/patches/052-AP-add-missing-null-pointer-check-in-hostapd_free_ha.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -485,7 +485,7 @@ void hostapd_free_hapd_data(struct hosta +@@ -489,7 +489,7 @@ void hostapd_free_hapd_data(struct hosta struct hapd_interfaces *ifaces = hapd->iface->interfaces; size_t i; diff --git a/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch b/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch index ca56b38f68..ab05c92d36 100644 --- a/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch +++ b/package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch @@ -21,7 +21,7 @@ Signed-off-by: Glenn Strauss --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -757,6 +757,40 @@ endif +@@ -759,6 +759,40 @@ endif CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\" endif @@ -62,7 +62,7 @@ Signed-off-by: Glenn Strauss ifeq ($(CONFIG_TLS), gnutls) ifndef CONFIG_CRYPTO # default to libgcrypt -@@ -936,9 +970,11 @@ endif +@@ -938,9 +972,11 @@ endif ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), wolfssl) @@ -74,7 +74,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_AES_EAX AESOBJS += ../src/crypto/aes-eax.o NEED_AES_CTR=y -@@ -948,38 +984,48 @@ AESOBJS += ../src/crypto/aes-siv.o +@@ -950,38 +986,48 @@ AESOBJS += ../src/crypto/aes-siv.o NEED_AES_CTR=y endif ifdef NEED_AES_CTR @@ -123,7 +123,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_AES_DEC ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal-dec.o -@@ -994,12 +1040,16 @@ ifneq ($(CONFIG_TLS), openssl) +@@ -996,12 +1042,16 @@ ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) ifneq ($(CONFIG_TLS), wolfssl) @@ -140,7 +140,7 @@ Signed-off-by: Glenn Strauss ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += ../src/crypto/sha1-internal.o ifdef NEED_FIPS186_2_PRF -@@ -1008,16 +1058,22 @@ endif +@@ -1010,16 +1060,22 @@ endif endif ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), wolfssl) @@ -163,7 +163,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_SHA1 OBJS += $(SHA1OBJS) -@@ -1027,11 +1083,13 @@ ifneq ($(CONFIG_TLS), openssl) +@@ -1029,11 +1085,13 @@ ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) ifneq ($(CONFIG_TLS), wolfssl) @@ -177,7 +177,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 -@@ -1070,56 +1128,81 @@ ifneq ($(CONFIG_TLS), openssl) +@@ -1083,56 +1141,81 @@ ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) ifneq ($(CONFIG_TLS), wolfssl) @@ -259,7 +259,7 @@ Signed-off-by: Glenn Strauss ifdef CONFIG_INTERNAL_SHA384 CFLAGS += -DCONFIG_INTERNAL_SHA384 -@@ -1164,11 +1247,13 @@ HOBJS += $(SHA1OBJS) +@@ -1177,11 +1260,13 @@ HOBJS += $(SHA1OBJS) ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), wolfssl) @@ -273,7 +273,7 @@ Signed-off-by: Glenn Strauss ifdef CONFIG_RADIUS_SERVER CFLAGS += -DRADIUS_SERVER -@@ -1342,7 +1427,9 @@ NOBJS += ../src/utils/trace.o +@@ -1355,7 +1440,9 @@ NOBJS += ../src/utils/trace.o endif HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o @@ -283,11 +283,13 @@ Signed-off-by: Glenn Strauss ifdef CONFIG_INTERNAL_AES HOBJS += ../src/crypto/aes-internal.o HOBJS += ../src/crypto/aes-internal-enc.o -@@ -1365,13 +1452,17 @@ SOBJS += ../src/common/sae.o +@@ -1378,18 +1465,24 @@ SOBJS += ../src/common/sae.o SOBJS += ../src/common/sae_pk.o SOBJS += ../src/common/dragonfly.o SOBJS += $(AESOBJS) +ifneq ($(CONFIG_TLS), mbedtls) + SOBJS += ../src/crypto/sha384.o + SOBJS += ../src/crypto/sha512.o SOBJS += ../src/crypto/sha256-prf.o SOBJS += ../src/crypto/sha384-prf.o SOBJS += ../src/crypto/sha512-prf.o @@ -298,9 +300,14 @@ Signed-off-by: Glenn Strauss SOBJS += ../src/crypto/sha384-kdf.o SOBJS += ../src/crypto/sha512-kdf.o +endif + SOBJS += ../src/common/wpa_common.o + SOBJS += ../src/crypto/random.o ++ifneq ($(CONFIG_TLS), mbedtls) + SOBJS += ../src/crypto/sha1-prf.o ++endif + SOBJS += ../src/utils/eloop.o _OBJS_VAR := NOBJS - include ../src/objs.mk --- a/hostapd/defconfig +++ b/hostapd/defconfig @@ -6,9 +6,21 @@ @@ -7765,7 +7772,7 @@ Signed-off-by: Glenn Strauss CONFIG_SIM_SIMULATOR=y --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -1230,6 +1230,29 @@ endif +@@ -1232,6 +1232,29 @@ endif CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\" endif @@ -7795,7 +7802,7 @@ Signed-off-by: Glenn Strauss ifeq ($(CONFIG_TLS), gnutls) ifndef CONFIG_CRYPTO # default to libgcrypt -@@ -1422,9 +1445,11 @@ endif +@@ -1424,9 +1447,11 @@ endif ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), wolfssl) @@ -7807,7 +7814,7 @@ Signed-off-by: Glenn Strauss ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP # Seems to be needed at least with BoringSSL NEED_INTERNAL_AES_WRAP=y -@@ -1438,9 +1463,11 @@ endif +@@ -1440,9 +1465,11 @@ endif ifdef NEED_INTERNAL_AES_WRAP ifneq ($(CONFIG_TLS), linux) @@ -7819,7 +7826,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_AES_EAX AESOBJS += ../src/crypto/aes-eax.o NEED_AES_CTR=y -@@ -1450,35 +1477,45 @@ AESOBJS += ../src/crypto/aes-siv.o +@@ -1452,35 +1479,45 @@ AESOBJS += ../src/crypto/aes-siv.o NEED_AES_CTR=y endif ifdef NEED_AES_CTR @@ -7865,7 +7872,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_AES_ENC ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal-enc.o -@@ -1493,12 +1530,16 @@ ifneq ($(CONFIG_TLS), openssl) +@@ -1495,12 +1532,16 @@ ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) ifneq ($(CONFIG_TLS), wolfssl) @@ -7882,7 +7889,7 @@ Signed-off-by: Glenn Strauss ifdef CONFIG_INTERNAL_SHA1 SHA1OBJS += ../src/crypto/sha1-internal.o ifdef NEED_FIPS186_2_PRF -@@ -1510,29 +1551,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2 +@@ -1512,29 +1553,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2 else ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), wolfssl) @@ -7920,7 +7927,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 MD5OBJS += ../src/crypto/md5-internal.o -@@ -1587,12 +1636,17 @@ ifneq ($(CONFIG_TLS), openssl) +@@ -1589,12 +1638,17 @@ ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), linux) ifneq ($(CONFIG_TLS), gnutls) ifneq ($(CONFIG_TLS), wolfssl) @@ -7938,7 +7945,7 @@ Signed-off-by: Glenn Strauss ifdef CONFIG_INTERNAL_SHA256 SHA256OBJS += ../src/crypto/sha256-internal.o endif -@@ -1605,50 +1659,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512 +@@ -1607,50 +1661,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512 SHA256OBJS += ../src/crypto/sha512-internal.o endif ifdef NEED_TLS_PRF_SHA256 @@ -8007,7 +8014,7 @@ Signed-off-by: Glenn Strauss ifdef NEED_ASN1 OBJS += ../src/tls/asn1.o -@@ -1823,10 +1895,12 @@ ifdef CONFIG_FIPS +@@ -1825,10 +1897,12 @@ ifdef CONFIG_FIPS CFLAGS += -DCONFIG_FIPS ifneq ($(CONFIG_TLS), openssl) ifneq ($(CONFIG_TLS), wolfssl) diff --git a/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch b/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch index ebb7b51be6..5534de7efa 100644 --- a/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch +++ b/package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch @@ -12,7 +12,7 @@ Signed-off-by: Glenn Strauss --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -771,10 +771,6 @@ endif +@@ -773,10 +773,6 @@ endif OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o @@ -101,7 +101,7 @@ Signed-off-by: Glenn Strauss --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -1241,10 +1241,6 @@ endif +@@ -1243,10 +1243,6 @@ endif OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o diff --git a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch index 6bc1b78bda..babc2a568d 100644 --- a/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch +++ b/package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch @@ -61,15 +61,15 @@ Signed-off-by: Glenn Strauss --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -708,6 +708,7 @@ CFLAGS += -DCONFIG_TLSV12 +@@ -709,6 +709,7 @@ CFLAGS += -DCONFIG_TLSV12 endif ifeq ($(CONFIG_TLS), wolfssl) +CFLAGS += -DCONFIG_TLS_WOLFSSL + CFLAGS += -DCRYPTO_RSA_OAEP_SHA256 CONFIG_CRYPTO=wolfssl ifdef TLS_FUNCS - OBJS += ../src/crypto/tls_wolfssl.o -@@ -728,6 +729,7 @@ endif +@@ -730,6 +731,7 @@ endif endif ifeq ($(CONFIG_TLS), openssl) @@ -77,7 +77,7 @@ Signed-off-by: Glenn Strauss CFLAGS += -DCRYPTO_RSA_OAEP_SHA256 CONFIG_CRYPTO=openssl ifdef TLS_FUNCS -@@ -758,6 +760,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF +@@ -760,6 +762,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF endif ifeq ($(CONFIG_TLS), mbedtls) @@ -85,7 +85,7 @@ Signed-off-by: Glenn Strauss ifndef CONFIG_CRYPTO CONFIG_CRYPTO=mbedtls endif -@@ -788,6 +791,7 @@ endif +@@ -790,6 +793,7 @@ endif endif ifeq ($(CONFIG_TLS), gnutls) @@ -93,7 +93,7 @@ Signed-off-by: Glenn Strauss ifndef CONFIG_CRYPTO # default to libgcrypt CONFIG_CRYPTO=gnutls -@@ -818,6 +822,7 @@ endif +@@ -820,6 +824,7 @@ endif endif ifeq ($(CONFIG_TLS), internal) @@ -101,7 +101,7 @@ Signed-off-by: Glenn Strauss ifndef CONFIG_CRYPTO CONFIG_CRYPTO=internal endif -@@ -896,6 +901,7 @@ endif +@@ -898,6 +903,7 @@ endif endif ifeq ($(CONFIG_TLS), linux) @@ -695,10 +695,10 @@ Signed-off-by: Glenn Strauss tls = dev.request("GET tls_library") + if tls.startswith("mbed TLS"): + raise HwsimSkip("TLS v1.3 not supported") - ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.0', 'run=OpenSSL 3.1', - 'run=OpenSSL 3.2', 'run=OpenSSL 3.3', 'wolfSSL'] + ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.', 'wolfSSL'] for s in ok: -@@ -122,11 +161,15 @@ def check_pkcs12_support(dev): + if s in tls: +@@ -121,11 +160,15 @@ def check_pkcs12_support(dev): # raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls) if tls.startswith("wolfSSL"): raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls) @@ -714,7 +714,7 @@ Signed-off-by: Glenn Strauss def check_ec_support(dev): tls = dev.request("GET tls_library") -@@ -1741,7 +1784,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma +@@ -1740,7 +1783,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma eap_connect(dev[0], hapd, "TTLS", "pap user", anonymous_identity="ttls", password="password", ca_cert="auth_serv/ca.pem", phase2="auth=PAP", @@ -723,7 +723,7 @@ Signed-off-by: Glenn Strauss altsubject_match="EMAIL:noone@example.com;DNS:server.w1.fi;URI:http://example.com/") eap_reauth(dev[0], "TTLS") -@@ -2976,6 +3019,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc +@@ -2975,6 +3018,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev): """WPA2-Enterprise negative test - subject mismatch""" @@ -731,7 +731,7 @@ Signed-off-by: Glenn Strauss params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hostapd.add_ap(apdev[0], params) dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", -@@ -3036,6 +3080,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat +@@ -3035,6 +3079,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev): """WPA2-Enterprise negative test - altsubject mismatch""" @@ -739,7 +739,7 @@ Signed-off-by: Glenn Strauss params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hostapd.add_ap(apdev[0], params) -@@ -3582,7 +3627,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde +@@ -3581,7 +3626,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde dev[0].request("REMOVE_NETWORK all") tls = dev[0].request("GET tls_library") @@ -748,7 +748,7 @@ Signed-off-by: Glenn Strauss tests = [(1, "os_get_random;dh_init")] else: tests = [(1, "crypto_dh_init;dh_init")] -@@ -4896,7 +4941,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -4901,7 +4946,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca params["private_key"] = "auth_serv/iCA-server/server.key" hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -757,7 +757,7 @@ Signed-off-by: Glenn Strauss ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -4962,6 +5007,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -4967,6 +5012,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1") def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md): @@ -765,7 +765,7 @@ Signed-off-by: Glenn Strauss params = int_eap_server_params() params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" params["server_cert"] = "auth_serv/iCA-server/server.pem" -@@ -4971,7 +5017,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ +@@ -4976,7 +5022,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ try: hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -774,7 +774,7 @@ Signed-off-by: Glenn Strauss ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -5007,7 +5053,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ +@@ -5012,7 +5058,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_ try: hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -783,7 +783,7 @@ Signed-off-by: Glenn Strauss ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -5057,7 +5103,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -5062,7 +5108,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca try: hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -792,7 +792,7 @@ Signed-off-by: Glenn Strauss ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -5124,7 +5170,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca +@@ -5129,7 +5175,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca hostapd.add_ap(apdev[0], params) tls = dev[0].request("GET tls_library") @@ -801,7 +801,7 @@ Signed-off-by: Glenn Strauss ca_cert = "auth_serv/iCA-user/ca-and-root.pem" client_cert = "auth_serv/iCA-user/user_and_ica.pem" else: -@@ -5382,6 +5428,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek +@@ -5387,6 +5433,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev): """WPA2-Enterprise using EAP-TTLS and server PKCS#12 file""" @@ -809,7 +809,7 @@ Signed-off-by: Glenn Strauss skip_with_fips(dev[0]) params = int_eap_server_params() del params["server_cert"] -@@ -5394,6 +5441,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12( +@@ -5399,6 +5446,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12( def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev): """EAP-TTLS and server PKCS#12 file with extra certs""" @@ -817,7 +817,7 @@ Signed-off-by: Glenn Strauss skip_with_fips(dev[0]) params = int_eap_server_params() del params["server_cert"] -@@ -5416,6 +5464,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv +@@ -5421,6 +5469,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev): """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)""" @@ -825,7 +825,7 @@ Signed-off-by: Glenn Strauss params = int_eap_server_params() params["dh_file"] = "auth_serv/dsaparam.pem" hapd = hostapd.add_ap(apdev[0], params) -@@ -5727,8 +5776,8 @@ def test_ap_wpa2_eap_non_ascii_identity2 +@@ -5732,8 +5781,8 @@ def test_ap_wpa2_eap_non_ascii_identity2 def test_openssl_cipher_suite_config_wpas(dev, apdev): """OpenSSL cipher suite configuration on wpa_supplicant""" tls = dev[0].request("GET tls_library") @@ -836,7 +836,7 @@ Signed-off-by: Glenn Strauss params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") hapd = hostapd.add_ap(apdev[0], params) eap_connect(dev[0], hapd, "TTLS", "pap user", -@@ -5754,14 +5803,14 @@ def test_openssl_cipher_suite_config_wpa +@@ -5759,14 +5808,14 @@ def test_openssl_cipher_suite_config_wpa def test_openssl_cipher_suite_config_hapd(dev, apdev): """OpenSSL cipher suite configuration on hostapd""" tls = dev[0].request("GET tls_library") @@ -855,10 +855,10 @@ Signed-off-by: Glenn Strauss eap_connect(dev[0], hapd, "TTLS", "pap user", anonymous_identity="ttls", password="password", ca_cert="auth_serv/ca.pem", phase2="auth=PAP") -@@ -6207,13 +6256,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a - check_tls_ver(dev[0], hapd, - "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", - "TLSv1.2") +@@ -6209,13 +6258,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a + if tls.startswith("wolfSSL"): + check_tls_ver(dev[0], hapd, + "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", "TLSv1.2") - elif tls.startswith("internal"): + elif tls.startswith("internal") or tls.startswith("mbed TLS"): check_tls_ver(dev[0], hapd, @@ -875,10 +875,10 @@ Signed-off-by: Glenn Strauss + "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1") + check_tls_ver(dev[2], hapd, + "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1") - if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3." in tls: + if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3." in tls or \ + tls.startswith("wolfSSL"): check_tls_ver(dev[0], hapd, - "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3") -@@ -6235,6 +6288,11 @@ def test_ap_wpa2_eap_tls_versions_server +@@ -6238,6 +6291,11 @@ def test_ap_wpa2_eap_tls_versions_server tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"), ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"), ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")] @@ -890,7 +890,7 @@ Signed-off-by: Glenn Strauss for exp, flags in tests: hapd.disable() hapd.set("tls_flags", flags) -@@ -7305,6 +7363,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde +@@ -7318,6 +7376,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde def test_eap_tls_ext_cert_check(dev, apdev): """EAP-TLS and external server certification validation""" # With internal server certificate chain validation @@ -898,7 +898,7 @@ Signed-off-by: Glenn Strauss id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS", identity="tls user", ca_cert="auth_serv/ca.pem", -@@ -7317,6 +7376,7 @@ def test_eap_tls_ext_cert_check(dev, apd +@@ -7330,6 +7389,7 @@ def test_eap_tls_ext_cert_check(dev, apd def test_eap_ttls_ext_cert_check(dev, apdev): """EAP-TTLS and external server certification validation""" # Without internal server certificate chain validation @@ -906,7 +906,7 @@ Signed-off-by: Glenn Strauss id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", identity="pap user", anonymous_identity="ttls", password="password", phase2="auth=PAP", -@@ -7327,6 +7387,7 @@ def test_eap_ttls_ext_cert_check(dev, ap +@@ -7340,6 +7400,7 @@ def test_eap_ttls_ext_cert_check(dev, ap def test_eap_peap_ext_cert_check(dev, apdev): """EAP-PEAP and external server certification validation""" # With internal server certificate chain validation @@ -914,7 +914,7 @@ Signed-off-by: Glenn Strauss id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP", identity="user", anonymous_identity="peap", ca_cert="auth_serv/ca.pem", -@@ -7337,6 +7398,7 @@ def test_eap_peap_ext_cert_check(dev, ap +@@ -7350,6 +7411,7 @@ def test_eap_peap_ext_cert_check(dev, ap def test_eap_fast_ext_cert_check(dev, apdev): """EAP-FAST and external server certification validation""" @@ -922,7 +922,7 @@ Signed-off-by: Glenn Strauss check_eap_capa(dev[0], "FAST") # With internal server certificate chain validation dev[0].request("SET blob fast_pac_auth_ext ") -@@ -7351,10 +7413,6 @@ def test_eap_fast_ext_cert_check(dev, ap +@@ -7364,10 +7426,6 @@ def test_eap_fast_ext_cert_check(dev, ap run_ext_cert_check(dev, apdev, id) def run_ext_cert_check(dev, apdev, net_id): @@ -935,7 +935,7 @@ Signed-off-by: Glenn Strauss --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py -@@ -2494,11 +2494,11 @@ def test_ap_ft_ap_oom5(dev, apdev): +@@ -2543,11 +2543,11 @@ def test_ap_ft_ap_oom5(dev, apdev): # This will fail to roam dev[0].roam(bssid1, check_bssid=False) @@ -1060,11 +1060,11 @@ Signed-off-by: Glenn Strauss phase2="auth=MSCHAPV2") - erp_test(dev[0], hapd, eap="TEAP", identity="erp-teap@example.com", - password="password", ca_cert="auth_serv/ca.pem", -- phase2="auth=MSCHAPV2", pac_file="blob://teap_pac") +- phase2="auth=MSCHAPV2") + if check_eap_capa(dev[0], "TEAP"): + erp_test(dev[0], hapd, eap="TEAP", identity="erp-teap@example.com", + password="password", ca_cert="auth_serv/ca.pem", -+ phase2="auth=MSCHAPV2", pac_file="blob://teap_pac") ++ phase2="auth=MSCHAPV2") erp_test(dev[0], hapd, eap="PSK", identity="erp-psk@example.com", password_hex="0123456789abcdef0123456789abcdef") if "PWD" in eap_methods: @@ -1079,7 +1079,7 @@ Signed-off-by: Glenn Strauss dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", --- a/tests/hwsim/test_fils.py +++ b/tests/hwsim/test_fils.py -@@ -1477,6 +1477,10 @@ def check_ec_group(dev, group): +@@ -1493,6 +1493,10 @@ def check_ec_group(dev, group): tls = dev.request("GET tls_library") if tls.startswith("wolfSSL"): return @@ -1124,7 +1124,7 @@ Signed-off-by: Glenn Strauss heavy_groups = [14, 15, 16] suitable_groups = [15, 16, 17, 18, 19, 20, 21] groups = [str(g) for g in sae_groups] -@@ -2232,6 +2237,8 @@ def run_sae_pwe_group(dev, apdev, group) +@@ -2248,6 +2253,8 @@ def run_sae_pwe_group(dev, apdev, group) logger.info("Add Brainpool EC groups since OpenSSL is new enough") elif tls.startswith("wolfSSL"): logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL") @@ -1165,18 +1165,13 @@ Signed-off-by: Glenn Strauss res = dev[0].request(cmd) --- a/tests/hwsim/utils.py +++ b/tests/hwsim/utils.py -@@ -145,7 +145,13 @@ def check_imsi_privacy_support(dev): - - def check_tls_tod(dev): +@@ -151,7 +151,8 @@ def check_tls_tod(dev): tls = dev.request("GET tls_library") -- if not tls.startswith("OpenSSL") and not tls.startswith("internal"): -+ if tls.startswith("OpenSSL"): -+ return -+ elif tls.startswith("internal"): -+ return -+ elif tls.startswith("mbed TLS"): -+ return -+ else: + if not tls.startswith("OpenSSL") and \ + not tls.startswith("wolfSSL") and \ +- not tls.startswith("internal"): ++ not tls.startswith("internal") and \ ++ not tls.startswith("mbed TLS"): raise HwsimSkip("TLS TOD-TOFU/STRICT not supported with this TLS library: " + tls) def vht_supported(): @@ -1294,15 +1289,15 @@ Signed-off-by: Glenn Strauss if (need_more_data) { --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -1189,6 +1189,7 @@ TLS_FUNCS=y +@@ -1190,6 +1190,7 @@ TLS_FUNCS=y endif ifeq ($(CONFIG_TLS), wolfssl) +CFLAGS += -DCONFIG_TLS_WOLFSSL + CFLAGS += -DCRYPTO_RSA_OAEP_SHA256 ifdef TLS_FUNCS CFLAGS += -DWOLFSSL_DER_LOAD - OBJS += ../src/crypto/tls_wolfssl.o -@@ -1204,6 +1205,7 @@ LIBS_p += -lwolfssl -lm +@@ -1206,6 +1207,7 @@ LIBS_p += -lwolfssl -lm endif ifeq ($(CONFIG_TLS), openssl) @@ -1310,7 +1305,7 @@ Signed-off-by: Glenn Strauss CFLAGS += -DCRYPTO_RSA_OAEP_SHA256 ifdef TLS_FUNCS CFLAGS += -DEAP_TLS_OPENSSL -@@ -1231,6 +1233,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF +@@ -1233,6 +1235,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF endif ifeq ($(CONFIG_TLS), mbedtls) @@ -1318,7 +1313,7 @@ Signed-off-by: Glenn Strauss ifndef CONFIG_CRYPTO CONFIG_CRYPTO=mbedtls endif -@@ -1250,6 +1253,7 @@ endif +@@ -1252,6 +1255,7 @@ endif endif ifeq ($(CONFIG_TLS), gnutls) @@ -1326,7 +1321,7 @@ Signed-off-by: Glenn Strauss ifndef CONFIG_CRYPTO # default to libgcrypt CONFIG_CRYPTO=gnutls -@@ -1280,6 +1284,7 @@ endif +@@ -1282,6 +1286,7 @@ endif endif ifeq ($(CONFIG_TLS), internal) @@ -1334,7 +1329,7 @@ Signed-off-by: Glenn Strauss ifndef CONFIG_CRYPTO CONFIG_CRYPTO=internal endif -@@ -1360,6 +1365,7 @@ endif +@@ -1362,6 +1367,7 @@ endif endif ifeq ($(CONFIG_TLS), linux) diff --git a/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch b/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch index 78ed459ee6..e562c2dd2a 100644 --- a/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch +++ b/package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch @@ -29,7 +29,7 @@ Signed-off-by: Glenn Strauss wpa_printf(MSG_DEBUG, "DPP: Generating a keypair"); --- a/src/common/sae.c +++ b/src/common/sae.c -@@ -1279,6 +1279,13 @@ void sae_deinit_pt(struct sae_pt *pt) +@@ -1284,6 +1284,13 @@ void sae_deinit_pt(struct sae_pt *pt) static int sae_derive_commit_element_ecc(struct sae_data *sae, struct crypto_bignum *mask) { diff --git a/package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch b/package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch index 0af7a379bc..d9cdb1d3eb 100644 --- a/package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch +++ b/package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch @@ -120,7 +120,7 @@ Signed-off-by: P Praneesh * Convert 80+80 MHz channel width to new style as interop --- a/src/common/hw_features_common.c +++ b/src/common/hw_features_common.c -@@ -898,6 +898,7 @@ int ieee80211ac_cap_check(u32 hw, u32 co +@@ -923,6 +923,7 @@ int ieee80211ac_cap_check(u32 hw, u32 co VHT_CAP_CHECK(VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB); VHT_CAP_CHECK(VHT_CAP_RX_ANTENNA_PATTERN); VHT_CAP_CHECK(VHT_CAP_TX_ANTENNA_PATTERN); @@ -130,7 +130,7 @@ Signed-off-by: P Praneesh #undef VHT_CAP_CHECK_MAX --- a/src/common/ieee802_11_defs.h +++ b/src/common/ieee802_11_defs.h -@@ -1401,6 +1401,8 @@ struct ieee80211_ampe_ie { +@@ -1420,6 +1420,8 @@ struct ieee80211_ampe_ie { #define VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB ((u32) BIT(26) | BIT(27)) #define VHT_CAP_RX_ANTENNA_PATTERN ((u32) BIT(28)) #define VHT_CAP_TX_ANTENNA_PATTERN ((u32) BIT(29)) diff --git a/package/network/services/hostapd/patches/180-fix_owe_ssid_update.patch b/package/network/services/hostapd/patches/180-fix_owe_ssid_update.patch index 5581922b27..b0557856ce 100644 --- a/package/network/services/hostapd/patches/180-fix_owe_ssid_update.patch +++ b/package/network/services/hostapd/patches/180-fix_owe_ssid_update.patch @@ -1,6 +1,6 @@ --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -2420,7 +2420,11 @@ static int hostapd_owe_iface_iter(struct +@@ -2441,7 +2441,11 @@ static int hostapd_owe_iface_iter(struct if (!bss->conf->ssid.ssid_set || !bss->conf->ssid.ssid_len || is_zero_ether_addr(bss->own_addr)) continue; @@ -13,7 +13,7 @@ os_memcpy(hapd->conf->owe_transition_bssid, bss->own_addr, ETH_ALEN); os_memcpy(hapd->conf->owe_transition_ssid, -@@ -2437,10 +2441,6 @@ static int hostapd_owe_iface_iter(struct +@@ -2458,10 +2462,6 @@ static int hostapd_owe_iface_iter(struct int hostapd_owe_trans_get_info(struct hostapd_data *hapd) { diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch index 80a484e974..7472dc63e6 100644 --- a/package/network/services/hostapd/patches/200-multicall.patch +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -25,7 +25,7 @@ This allows building both hostapd and wpa_supplicant as a single binary OBJS += ../src/ap/vlan_init.o OBJS += ../src/ap/vlan_ifconfig.o OBJS += ../src/ap/vlan.o -@@ -359,10 +361,14 @@ CFLAGS += -DCONFIG_MBO +@@ -360,10 +362,14 @@ CFLAGS += -DCONFIG_MBO OBJS += ../src/ap/mbo_ap.o endif @@ -43,7 +43,7 @@ This allows building both hostapd and wpa_supplicant as a single binary LIBS += $(DRV_AP_LIBS) ifdef CONFIG_L2_PACKET -@@ -1393,6 +1399,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) +@@ -1406,6 +1412,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) _OBJS_VAR := OBJS include ../src/objs.mk @@ -56,7 +56,7 @@ This allows building both hostapd and wpa_supplicant as a single binary hostapd: $(OBJS) $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) @$(E) " LD " $@ -@@ -1473,6 +1485,12 @@ include ../src/objs.mk +@@ -1494,6 +1506,12 @@ include ../src/objs.mk _OBJS_VAR := SOBJS include ../src/objs.mk @@ -71,7 +71,7 @@ This allows building both hostapd and wpa_supplicant as a single binary @$(E) " LD " $@ --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -696,6 +696,11 @@ fail: +@@ -737,6 +737,11 @@ fail: return -1; } @@ -83,7 +83,7 @@ This allows building both hostapd and wpa_supplicant as a single binary #ifdef CONFIG_WPS static int gen_uuid(const char *txt_addr) -@@ -817,6 +822,8 @@ int main(int argc, char *argv[]) +@@ -858,6 +863,8 @@ int main(int argc, char *argv[]) return -1; #endif /* CONFIG_DPP */ @@ -94,7 +94,7 @@ This allows building both hostapd and wpa_supplicant as a single binary if (c < 0) --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c -@@ -2520,8 +2520,8 @@ static void hostapd_mld_iface_disable(st +@@ -2537,8 +2537,8 @@ static void hostapd_mld_iface_disable(st #endif /* CONFIG_IEEE80211BE */ @@ -105,7 +105,7 @@ This allows building both hostapd and wpa_supplicant as a single binary { struct hostapd_data *hapd = ctx; struct sta_info *sta; -@@ -2879,7 +2879,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -2896,7 +2896,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -116,7 +116,7 @@ This allows building both hostapd and wpa_supplicant as a single binary struct hapd_interfaces *interfaces = ctx; --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -6974,8 +6974,8 @@ union wpa_event_data { +@@ -7072,8 +7072,8 @@ union wpa_event_data { * Driver wrapper code should call this function whenever an event is received * from the driver. */ @@ -127,7 +127,7 @@ This allows building both hostapd and wpa_supplicant as a single binary /** * wpa_supplicant_event_global - Report a driver event for wpa_supplicant -@@ -6987,7 +6987,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -7085,7 +7085,7 @@ void wpa_supplicant_event(void *ctx, enu * Same as wpa_supplicant_event(), but we search for the interface in * wpa_global. */ @@ -159,7 +159,7 @@ This allows building both hostapd and wpa_supplicant as a single binary include ../src/build.rules ifdef CONFIG_BUILD_PASN_SO -@@ -389,7 +390,9 @@ endif +@@ -390,7 +391,9 @@ endif ifdef CONFIG_IBSS_RSN NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_IBSS_RSN @@ -169,7 +169,7 @@ This allows building both hostapd and wpa_supplicant as a single binary OBJS += ibss_rsn.o endif -@@ -981,6 +984,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS +@@ -982,6 +985,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS LIBS += -ldl -rdynamic endif @@ -180,7 +180,7 @@ This allows building both hostapd and wpa_supplicant as a single binary endif ifdef CONFIG_AP -@@ -988,9 +995,11 @@ NEED_EAP_COMMON=y +@@ -989,9 +996,11 @@ NEED_EAP_COMMON=y NEED_RSN_AUTHENTICATOR=y CFLAGS += -DCONFIG_AP OBJS += ap.o @@ -192,7 +192,7 @@ This allows building both hostapd and wpa_supplicant as a single binary OBJS += ../src/ap/hostapd.o OBJS += ../src/ap/wpa_auth_glue.o OBJS += ../src/ap/utils.o -@@ -1081,6 +1090,12 @@ endif +@@ -1082,6 +1091,12 @@ endif ifdef CONFIG_HS20 OBJS += ../src/ap/hs20.o endif @@ -205,7 +205,7 @@ This allows building both hostapd and wpa_supplicant as a single binary endif ifdef CONFIG_MBO -@@ -1090,7 +1105,9 @@ NEED_GAS=y +@@ -1091,7 +1106,9 @@ NEED_GAS=y endif ifdef NEED_RSN_AUTHENTICATOR @@ -215,7 +215,7 @@ This allows building both hostapd and wpa_supplicant as a single binary NEED_AES_WRAP=y OBJS += ../src/ap/wpa_auth.o OBJS += ../src/ap/wpa_auth_ie.o -@@ -2080,6 +2097,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) +@@ -2082,6 +2099,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) _OBJS_VAR := OBJS include ../src/objs.mk @@ -228,7 +228,7 @@ This allows building both hostapd and wpa_supplicant as a single binary wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) @$(E) " LD " $@ -@@ -2212,6 +2235,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK) +@@ -2214,6 +2237,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK) $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@ @$(E) " sed" $< @@ -278,7 +278,7 @@ This allows building both hostapd and wpa_supplicant as a single binary os_memset(&eapol_test, 0, sizeof(eapol_test)); --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -6131,8 +6131,8 @@ static int wpas_pasn_auth(struct wpa_sup +@@ -6170,8 +6170,8 @@ static int wpas_pasn_auth(struct wpa_sup #endif /* CONFIG_PASN */ @@ -289,7 +289,7 @@ This allows building both hostapd and wpa_supplicant as a single binary { struct wpa_supplicant *wpa_s = ctx; int resched; -@@ -7084,7 +7084,7 @@ void wpa_supplicant_event(void *ctx, enu +@@ -7134,7 +7134,7 @@ void wpa_supplicant_event(void *ctx, enu } @@ -331,7 +331,7 @@ This allows building both hostapd and wpa_supplicant as a single binary os_memset(&global, 0, sizeof(global)); --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -7787,7 +7787,6 @@ struct wpa_interface * wpa_supplicant_ma +@@ -8062,7 +8062,6 @@ struct wpa_interface * wpa_supplicant_ma return NULL; } @@ -339,7 +339,7 @@ This allows building both hostapd and wpa_supplicant as a single binary /** * wpa_supplicant_match_existing - Match existing interfaces * @global: Pointer to global data from wpa_supplicant_init() -@@ -7822,6 +7821,11 @@ static int wpa_supplicant_match_existing +@@ -8097,6 +8096,11 @@ static int wpa_supplicant_match_existing #endif /* CONFIG_MATCH_IFACE */ @@ -351,7 +351,7 @@ This allows building both hostapd and wpa_supplicant as a single binary /** * wpa_supplicant_add_iface - Add a new network interface -@@ -8078,6 +8082,8 @@ struct wpa_global * wpa_supplicant_init( +@@ -8353,6 +8357,8 @@ struct wpa_global * wpa_supplicant_init( #ifndef CONFIG_NO_WPA_MSG wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); #endif /* CONFIG_NO_WPA_MSG */ diff --git a/package/network/services/hostapd/patches/201-lto-jobserver-support.patch b/package/network/services/hostapd/patches/201-lto-jobserver-support.patch index 7473cbef96..7911071e0f 100644 --- a/package/network/services/hostapd/patches/201-lto-jobserver-support.patch +++ b/package/network/services/hostapd/patches/201-lto-jobserver-support.patch @@ -5,7 +5,7 @@ Subject: [PATCH] hostapd: build with LTO enabled (using jobserver for parallel --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -1406,7 +1406,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS) +@@ -1419,7 +1419,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS) @$(AR) cr $@ hostapd_multi.o $(OBJS) hostapd: $(OBJS) @@ -14,7 +14,7 @@ Subject: [PATCH] hostapd: build with LTO enabled (using jobserver for parallel @$(E) " LD " $@ ifdef CONFIG_WPA_TRACE -@@ -1417,7 +1417,7 @@ _OBJS_VAR := OBJS_c +@@ -1430,7 +1430,7 @@ _OBJS_VAR := OBJS_c include ../src/objs.mk hostapd_cli: $(OBJS_c) @@ -25,7 +25,7 @@ Subject: [PATCH] hostapd: build with LTO enabled (using jobserver for parallel NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -2104,31 +2104,31 @@ wpa_supplicant_multi.a: .config $(BCHECK +@@ -2106,31 +2106,31 @@ wpa_supplicant_multi.a: .config $(BCHECK @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS) wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) diff --git a/package/network/services/hostapd/patches/211-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch b/package/network/services/hostapd/patches/211-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch index 38d4d1500a..f7d3984c60 100644 --- a/package/network/services/hostapd/patches/211-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch +++ b/package/network/services/hostapd/patches/211-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch @@ -13,7 +13,7 @@ Signed-off-by: David Bauer --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c -@@ -13292,7 +13292,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -13566,7 +13566,7 @@ char * wpa_supplicant_ctrl_iface_process if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18)) reply_len = -1; #endif /* CONFIG_WNM */ @@ -22,7 +22,7 @@ Signed-off-by: David Bauer } else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) { if (ap_ctrl_iface_disassoc_imminent(wpa_s, buf + 18)) reply_len = -1; -@@ -13302,7 +13302,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -13576,7 +13576,7 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) { if (ap_ctrl_iface_bss_tm_req(wpa_s, buf + 11)) reply_len = -1; diff --git a/package/network/services/hostapd/patches/212-Move-definition-of-WLAN_SUPP_RATES_MAX-to-defs.h.patch b/package/network/services/hostapd/patches/212-Move-definition-of-WLAN_SUPP_RATES_MAX-to-defs.h.patch index 4c568c924c..2961749c39 100644 --- a/package/network/services/hostapd/patches/212-Move-definition-of-WLAN_SUPP_RATES_MAX-to-defs.h.patch +++ b/package/network/services/hostapd/patches/212-Move-definition-of-WLAN_SUPP_RATES_MAX-to-defs.h.patch @@ -30,7 +30,7 @@ Signed-off-by: Eneas U de Queiroz --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h -@@ -49,10 +49,6 @@ +@@ -50,10 +50,6 @@ #define WLAN_STA_PENDING_DEAUTH_CB BIT(30) #define WLAN_STA_NONERP BIT(31) diff --git a/package/network/services/hostapd/patches/220-indicate-features.patch b/package/network/services/hostapd/patches/220-indicate-features.patch index 13a5c38631..e6456c6338 100644 --- a/package/network/services/hostapd/patches/220-indicate-features.patch +++ b/package/network/services/hostapd/patches/220-indicate-features.patch @@ -15,7 +15,7 @@ Subject: [PATCH] hostapd: support optional argument for the -v switch of struct hapd_global { void **drv_priv; -@@ -825,7 +825,7 @@ int main(int argc, char *argv[]) +@@ -866,7 +866,7 @@ int main(int argc, char *argv[]) wpa_supplicant_event = hostapd_wpa_event; wpa_supplicant_event_global = hostapd_wpa_event_global; for (;;) { @@ -24,7 +24,7 @@ Subject: [PATCH] hostapd: support optional argument for the -v switch of if (c < 0) break; switch (c) { -@@ -862,6 +862,8 @@ int main(int argc, char *argv[]) +@@ -903,6 +903,8 @@ int main(int argc, char *argv[]) break; #endif /* CONFIG_DEBUG_LINUX_TRACING */ case 'v': diff --git a/package/network/services/hostapd/patches/252-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/252-disable_ctrl_iface_mib.patch index 0801a93bcd..c5cf70d54d 100644 --- a/package/network/services/hostapd/patches/252-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/252-disable_ctrl_iface_mib.patch @@ -16,7 +16,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality else --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -4057,6 +4057,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -4087,6 +4087,7 @@ static int hostapd_ctrl_iface_receive_pr reply_size); } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { reply_len = hostapd_drv_status(hapd, reply, reply_size); @@ -24,7 +24,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality } else if (os_strcmp(buf, "MIB") == 0) { reply_len = ieee802_11_get_mib(hapd, reply, reply_size); if (reply_len >= 0) { -@@ -4098,6 +4099,7 @@ static int hostapd_ctrl_iface_receive_pr +@@ -4128,6 +4129,7 @@ static int hostapd_ctrl_iface_receive_pr } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, reply_size); @@ -88,7 +88,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd, struct sta_info *sta, char *buf, size_t buflen) -@@ -562,6 +562,7 @@ int hostapd_ctrl_iface_sta_next(struct h +@@ -571,6 +571,7 @@ int hostapd_ctrl_iface_sta_next(struct h return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen); } @@ -96,7 +96,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality #ifdef CONFIG_P2P_MANAGER static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype, -@@ -1016,12 +1017,12 @@ int hostapd_ctrl_iface_status(struct hos +@@ -1043,12 +1044,12 @@ int hostapd_ctrl_iface_status(struct hos return len; len += ret; } @@ -113,7 +113,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality if (os_snprintf_error(buflen - len, ret)) --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -2869,6 +2869,7 @@ static const char * bool_txt(bool val) +@@ -2867,6 +2867,7 @@ static const char * bool_txt(bool val) return val ? "TRUE" : "FALSE"; } @@ -121,7 +121,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) { -@@ -3055,6 +3056,7 @@ int ieee802_1x_get_mib_sta(struct hostap +@@ -3053,6 +3054,7 @@ int ieee802_1x_get_mib_sta(struct hostap return len; } @@ -131,7 +131,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx) --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c -@@ -6141,6 +6141,7 @@ static const char * wpa_bool_txt(int val +@@ -6178,6 +6178,7 @@ static const char * wpa_bool_txt(int val return val ? "TRUE" : "FALSE"; } @@ -139,7 +139,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ -@@ -6293,7 +6294,7 @@ int wpa_get_mib_sta(struct wpa_state_mac +@@ -6330,7 +6331,7 @@ int wpa_get_mib_sta(struct wpa_state_mac return len; } @@ -150,7 +150,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality { --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -4155,6 +4155,8 @@ static u32 wpa_key_mgmt_suite(struct wpa +@@ -4195,6 +4195,8 @@ static u32 wpa_key_mgmt_suite(struct wpa } @@ -159,7 +159,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff -@@ -4236,6 +4238,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch +@@ -4276,6 +4278,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch return (int) len; } @@ -169,7 +169,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile -@@ -1039,6 +1039,9 @@ ifdef CONFIG_FILS +@@ -1040,6 +1040,9 @@ ifdef CONFIG_FILS OBJS += ../src/ap/fils_hlp.o endif ifdef CONFIG_CTRL_IFACE @@ -181,7 +181,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1520,7 +1520,7 @@ int wpas_ap_wps_nfc_report_handover(stru +@@ -1523,7 +1523,7 @@ int wpas_ap_wps_nfc_report_handover(stru #endif /* CONFIG_WPS */ @@ -192,7 +192,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality char *buf, size_t buflen) --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c -@@ -2355,7 +2355,7 @@ static int wpa_supplicant_ctrl_iface_sta +@@ -2357,7 +2357,7 @@ static int wpa_supplicant_ctrl_iface_sta pos += ret; } @@ -201,7 +201,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality if (wpa_s->ap_iface) { pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, end - pos, -@@ -12620,6 +12620,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -12876,6 +12876,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; } else if (os_strncmp(buf, "NOTE ", 5) == 0) { wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); @@ -209,7 +209,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality } else if (os_strcmp(buf, "MIB") == 0) { reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); if (reply_len >= 0) { -@@ -12632,6 +12633,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -12888,6 +12889,7 @@ char * wpa_supplicant_ctrl_iface_process reply_size - reply_len); #endif /* CONFIG_MACSEC */ } @@ -217,7 +217,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality } else if (os_strncmp(buf, "STATUS", 6) == 0) { reply_len = wpa_supplicant_ctrl_iface_status( wpa_s, buf + 6, reply, reply_size); -@@ -13120,6 +13122,7 @@ char * wpa_supplicant_ctrl_iface_process +@@ -13394,6 +13396,7 @@ char * wpa_supplicant_ctrl_iface_process reply_len = wpa_supplicant_ctrl_iface_bss( wpa_s, buf + 4, reply, reply_size); #ifdef CONFIG_AP @@ -225,7 +225,7 @@ Subject: [PATCH] Remove some unnecessary control interface functionality } else if (os_strcmp(buf, "STA-FIRST") == 0) { reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); } else if (os_strncmp(buf, "STA ", 4) == 0) { -@@ -13128,12 +13131,15 @@ char * wpa_supplicant_ctrl_iface_process +@@ -13402,12 +13405,15 @@ char * wpa_supplicant_ctrl_iface_process } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, reply_size); diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch index 6deb2722b3..ebedb2603c 100644 --- a/package/network/services/hostapd/patches/300-noscan.patch +++ b/package/network/services/hostapd/patches/300-noscan.patch @@ -18,7 +18,7 @@ Subject: [PATCH] Add noscan, no_ht_coex config options } else if (os_strcmp(buf, "ht_capab") == 0) { --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -1122,6 +1122,8 @@ struct hostapd_config { +@@ -1125,6 +1125,8 @@ struct hostapd_config { int ht_op_mode_fixed; u16 ht_capab; @@ -29,7 +29,7 @@ Subject: [PATCH] Add noscan, no_ht_coex config options int no_pri_sec_switch; --- a/src/ap/hw_features.c +++ b/src/ap/hw_features.c -@@ -573,7 +573,8 @@ static int ieee80211n_check_40mhz(struct +@@ -567,7 +567,8 @@ static int ieee80211n_check_40mhz(struct int ret; /* Check that HT40 is used and PRI / SEC switch is allowed */ diff --git a/package/network/services/hostapd/patches/301-mesh-noscan.patch b/package/network/services/hostapd/patches/301-mesh-noscan.patch index e5fd053232..175b76c60b 100644 --- a/package/network/services/hostapd/patches/301-mesh-noscan.patch +++ b/package/network/services/hostapd/patches/301-mesh-noscan.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Allow HT40 also on 2.4GHz if noscan option is set, which also --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c -@@ -2639,6 +2639,7 @@ static const struct parse_data ssid_fiel +@@ -2668,6 +2668,7 @@ static const struct parse_data ssid_fiel #else /* CONFIG_MESH */ { INT_RANGE(mode, 0, 4) }, #endif /* CONFIG_MESH */ @@ -15,17 +15,17 @@ Subject: [PATCH] Allow HT40 also on 2.4GHz if noscan option is set, which also { STR(id_str) }, --- a/wpa_supplicant/config_file.c +++ b/wpa_supplicant/config_file.c -@@ -775,6 +775,7 @@ static void wpa_config_write_network(FIL +@@ -867,6 +867,7 @@ static void wpa_config_write_network(FIL #endif /* IEEE8021X_EAPOL */ INT(mode); INT(no_auto_peer); + INT(noscan); - INT(mesh_fwding); + INT_DEF(mesh_fwding, DEFAULT_MESH_FWDING); INT(frequency); INT(enable_edmg); --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h -@@ -1035,6 +1035,8 @@ struct wpa_ssid { +@@ -1063,6 +1063,8 @@ struct wpa_ssid { */ int no_auto_peer; @@ -36,7 +36,7 @@ Subject: [PATCH] Allow HT40 also on 2.4GHz if noscan option is set, which also * --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -506,6 +506,8 @@ static int wpa_supplicant_mesh_init(stru +@@ -509,6 +509,8 @@ static int wpa_supplicant_mesh_init(stru frequency); goto out_free; } @@ -47,7 +47,7 @@ Subject: [PATCH] Allow HT40 also on 2.4GHz if noscan option is set, which also /* --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -2903,7 +2903,7 @@ static bool ibss_mesh_can_use_vht(struct +@@ -3044,7 +3044,7 @@ static bool ibss_mesh_can_use_vht(struct const struct wpa_ssid *ssid, struct hostapd_hw_modes *mode) { @@ -56,7 +56,7 @@ Subject: [PATCH] Allow HT40 also on 2.4GHz if noscan option is set, which also return false; if (!drv_supports_vht(wpa_s, ssid)) -@@ -2976,7 +2976,7 @@ static void ibss_mesh_select_40mhz(struc +@@ -3117,7 +3117,7 @@ static void ibss_mesh_select_40mhz(struc int i, res; unsigned int j; static const int ht40plus[] = { @@ -65,7 +65,7 @@ Subject: [PATCH] Allow HT40 also on 2.4GHz if noscan option is set, which also 149, 157, 165, 173, 184, 192 }; int ht40 = -1; -@@ -3227,7 +3227,7 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -3414,7 +3414,7 @@ void ibss_mesh_setup_freq(struct wpa_sup int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode); enum hostapd_hw_mode hw_mode; struct hostapd_hw_modes *mode = NULL; @@ -74,7 +74,7 @@ Subject: [PATCH] Allow HT40 also on 2.4GHz if noscan option is set, which also u8 channel; bool is_6ghz, is_24ghz; bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR); -@@ -3271,6 +3271,8 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -3458,6 +3458,8 @@ void ibss_mesh_setup_freq(struct wpa_sup freq->he_enabled = ibss_mesh_can_use_he(wpa_s, ssid, mode, ieee80211_mode); freq->channel = channel; diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch index 038bce9e9d..83b616116f 100644 --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch @@ -5,7 +5,7 @@ Subject: [PATCH] rescan_immediately.patch --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -6073,7 +6073,7 @@ wpa_supplicant_alloc(struct wpa_supplica +@@ -6342,7 +6342,7 @@ wpa_supplicant_alloc(struct wpa_supplica if (wpa_s == NULL) return NULL; wpa_s->scan_req = INITIAL_SCAN_REQ; diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch deleted file mode 100644 index e757a6df00..0000000000 --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch +++ /dev/null @@ -1,16 +0,0 @@ -From ee68734929edb30f90a95bc3150038333b345476 Mon Sep 17 00:00:00 2001 -From: Felix Fietkau -Date: Sun, 30 Jun 2013 21:01:13 +0000 -Subject: [PATCH] nl80211_fix_set_freq.patch - ---- a/src/drivers/driver_nl80211.c -+++ b/src/drivers/driver_nl80211.c -@@ -5512,7 +5512,7 @@ static int nl80211_set_channel(struct i8 - freq->he_enabled, freq->eht_enabled, freq->bandwidth, - freq->center_freq1, freq->center_freq2); - -- msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL : -+ msg = nl80211_bss_msg(bss, 0, set_chan ? NL80211_CMD_SET_CHANNEL : - NL80211_CMD_SET_WIPHY); - if (!msg || nl80211_put_freq_params(msg, freq) < 0) { - nlmsg_free(msg); diff --git a/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch b/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch index 4a5852af2e..8e2d7fc8a4 100644 --- a/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch +++ b/package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch @@ -5,7 +5,7 @@ Subject: [PATCH] wpa_supplicant: fix calling channel switch via wpa_cli on --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c -@@ -1846,17 +1846,37 @@ int ap_switch_channel(struct wpa_supplic +@@ -1849,17 +1849,37 @@ int ap_switch_channel(struct wpa_supplic #ifdef CONFIG_CTRL_IFACE diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch index c3b3ded908..6b3baea558 100644 --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -4,7 +4,7 @@ Subject: [PATCH] nl80211_del_beacon_bss.patch --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -6253,8 +6253,7 @@ static void nl80211_teardown_ap(struct i +@@ -6381,8 +6381,7 @@ static void nl80211_teardown_ap(struct i nl80211_mgmt_unsubscribe(bss, "AP teardown"); nl80211_put_wiphy_data_ap(bss); diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch index 58dd415f09..8f136763ed 100644 --- a/package/network/services/hostapd/patches/410-limit_debug_messages.patch +++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch @@ -85,7 +85,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to char *buf; --- a/src/utils/wpa_debug.h +++ b/src/utils/wpa_debug.h -@@ -51,6 +51,17 @@ void wpa_debug_close_file(void); +@@ -52,6 +52,17 @@ void wpa_debug_close_file(void); void wpa_debug_setup_stdout(void); void wpa_debug_stop_log(void); @@ -103,7 +103,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to /** * wpa_debug_printf_timestamp - Print timestamp for debug output * -@@ -71,9 +82,15 @@ void wpa_debug_print_timestamp(void); +@@ -72,9 +83,15 @@ void wpa_debug_print_timestamp(void); * * Note: New line '\n' is added to the end of the text when printing to stdout. */ @@ -120,7 +120,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to /** * wpa_hexdump - conditional hex dump * @level: priority level (MSG_*) of the message -@@ -85,7 +102,13 @@ PRINTF_FORMAT(2, 3); +@@ -86,7 +103,13 @@ PRINTF_FORMAT(2, 3); * output may be directed to stdout, stderr, and/or syslog based on * configuration. The contents of buf is printed out has hex dump. */ @@ -135,7 +135,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to static inline void wpa_hexdump_buf(int level, const char *title, const struct wpabuf *buf) -@@ -107,7 +130,13 @@ static inline void wpa_hexdump_buf(int l +@@ -108,7 +131,13 @@ static inline void wpa_hexdump_buf(int l * like wpa_hexdump(), but by default, does not include secret keys (passwords, * etc.) in debug output. */ @@ -150,7 +150,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to static inline void wpa_hexdump_buf_key(int level, const char *title, const struct wpabuf *buf) -@@ -129,8 +158,14 @@ static inline void wpa_hexdump_buf_key(i +@@ -130,8 +159,14 @@ static inline void wpa_hexdump_buf_key(i * the hex numbers and ASCII characters (for printable range) are shown. 16 * bytes per line will be shown. */ @@ -167,7 +167,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to /** * wpa_hexdump_ascii_key - conditional hex dump, hide keys -@@ -146,8 +181,14 @@ void wpa_hexdump_ascii(int level, const +@@ -147,8 +182,14 @@ void wpa_hexdump_ascii(int level, const * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by * default, does not include secret keys (passwords, etc.) in debug output. */ @@ -184,7 +184,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to /* * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce -@@ -184,7 +225,12 @@ void wpa_hexdump_ascii_key(int level, co +@@ -185,7 +226,12 @@ void wpa_hexdump_ascii_key(int level, co * * Note: New line '\n' is added to the end of the text when printing to stdout. */ @@ -198,7 +198,7 @@ Subject: [PATCH] hostapd: add configurable debug message minimum priority to /** * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors -@@ -198,8 +244,13 @@ void wpa_msg(void *ctx, int level, const +@@ -199,8 +245,13 @@ void wpa_msg(void *ctx, int level, const * attached ctrl_iface monitors. In other words, it can be used for frequent * events that do not need to be sent to syslog. */ diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch index cc7b131787..bedac7f606 100644 --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch @@ -14,7 +14,7 @@ Signed-hostap: Antonio Quartulli --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -1004,6 +1004,9 @@ struct wpa_driver_associate_params { +@@ -1012,6 +1012,9 @@ struct wpa_driver_associate_params { * responsible for selecting with which BSS to associate. */ const u8 *bssid; @@ -34,7 +34,7 @@ Signed-hostap: Antonio Quartulli #include "config.h" -@@ -2421,6 +2422,97 @@ static char * wpa_config_write_mac_value +@@ -2449,6 +2450,97 @@ static char * wpa_config_write_mac_value #endif /* NO_CONFIG_WRITE */ @@ -132,7 +132,7 @@ Signed-hostap: Antonio Quartulli /* Helper macros for network block parser */ #ifdef OFFSET -@@ -2713,6 +2805,8 @@ static const struct parse_data ssid_fiel +@@ -2744,6 +2836,8 @@ static const struct parse_data ssid_fiel { INT(ap_max_inactivity) }, { INT(dtim_period) }, { INT(beacon_int) }, @@ -143,7 +143,7 @@ Signed-hostap: Antonio Quartulli { INT_RANGE(macsec_integ_only, 0, 1) }, --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h -@@ -879,6 +879,9 @@ struct wpa_ssid { +@@ -907,6 +907,9 @@ struct wpa_ssid { */ void *parent_cred; @@ -155,7 +155,7 @@ Signed-hostap: Antonio Quartulli * macsec_policy - Determines the policy for MACsec secure session --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -4435,6 +4435,12 @@ static void wpas_start_assoc_cb(struct w +@@ -4635,6 +4635,12 @@ static void wpas_start_assoc_cb(struct w params.beacon_int = ssid->beacon_int; else params.beacon_int = wpa_s->conf->beacon_int; diff --git a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch index 80ccb1c207..b30e0409a6 100644 --- a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch +++ b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch @@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -1920,6 +1920,7 @@ struct wpa_driver_mesh_join_params { +@@ -1932,6 +1932,7 @@ struct wpa_driver_mesh_join_params { #define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008 unsigned int flags; bool handle_dfs; @@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich struct wpa_driver_set_key_params { --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -12142,6 +12142,18 @@ static int nl80211_put_mesh_id(struct nl +@@ -12333,6 +12333,18 @@ static int nl80211_put_mesh_id(struct nl } @@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich static int nl80211_put_mesh_config(struct nl_msg *msg, struct wpa_driver_mesh_bss_params *params) { -@@ -12203,6 +12215,7 @@ static int nl80211_join_mesh(struct i802 +@@ -12394,6 +12406,7 @@ static int nl80211_join_mesh(struct i802 nl80211_put_basic_rates(msg, params->basic_rates) || nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) || nl80211_put_beacon_int(msg, params->beacon_int) || @@ -58,7 +58,7 @@ Tested-by: Simon Wunderlich --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c -@@ -632,6 +632,7 @@ int wpa_supplicant_join_mesh(struct wpa_ +@@ -636,6 +636,7 @@ int wpa_supplicant_join_mesh(struct wpa_ params->meshid = ssid->ssid; params->meshid_len = ssid->ssid_len; diff --git a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch index 9d39db5a63..1975c2b178 100644 --- a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch +++ b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Fix issues with disabling obss scan when using fixed_freq on --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -3234,6 +3234,10 @@ void ibss_mesh_setup_freq(struct wpa_sup +@@ -3421,6 +3421,10 @@ void ibss_mesh_setup_freq(struct wpa_sup freq->freq = ssid->frequency; diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index 256d1cfcc4..9310fd2d15 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -53,7 +53,7 @@ probe/assoc/auth requests via object subscribe. } --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -1418,6 +1418,12 @@ void handle_probe_req(struct hostapd_dat +@@ -1437,6 +1437,12 @@ void handle_probe_req(struct hostapd_dat int mld_id; u16 links; #endif /* CONFIG_IEEE80211BE */ @@ -66,7 +66,7 @@ probe/assoc/auth requests via object subscribe. if (hapd->iconf->rssi_ignore_probe_request && ssi_signal && ssi_signal < hapd->iconf->rssi_ignore_probe_request) -@@ -1604,6 +1610,12 @@ void handle_probe_req(struct hostapd_dat +@@ -1623,6 +1629,12 @@ void handle_probe_req(struct hostapd_dat } #endif /* CONFIG_P2P */ @@ -116,7 +116,7 @@ probe/assoc/auth requests via object subscribe. #ifdef CONFIG_P2P if (elems.p2p) { wpabuf_free(sta->p2p_ie); -@@ -1369,6 +1379,7 @@ void hostapd_event_ch_switch(struct host +@@ -1385,6 +1395,7 @@ void hostapd_event_ch_switch(struct host wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED "freq=%d dfs=%d", freq, is_dfs); @@ -126,7 +126,7 @@ probe/assoc/auth requests via object subscribe. if (is_dfs0 > 0 && --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -475,6 +475,7 @@ void hostapd_free_hapd_data(struct hosta +@@ -479,6 +479,7 @@ void hostapd_free_hapd_data(struct hosta hapd->beacon_set_done = 0; wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); @@ -134,7 +134,7 @@ probe/assoc/auth requests via object subscribe. accounting_deinit(hapd); hostapd_deinit_wpa(hapd); vlan_deinit(hapd); -@@ -1316,6 +1317,8 @@ static int hostapd_start_beacon(struct h +@@ -1324,6 +1325,8 @@ static int hostapd_start_beacon(struct h if (hapd->driver && hapd->driver->set_operstate) hapd->driver->set_operstate(hapd->drv_priv, 1); @@ -143,7 +143,7 @@ probe/assoc/auth requests via object subscribe. return 0; } -@@ -2525,6 +2528,7 @@ static int hostapd_setup_interface_compl +@@ -2546,6 +2549,7 @@ static int hostapd_setup_interface_compl if (err) goto fail; @@ -151,7 +151,7 @@ probe/assoc/auth requests via object subscribe. wpa_printf(MSG_DEBUG, "Completing interface initialization"); if (iface->freq) { #ifdef NEED_AP_MLME -@@ -2750,6 +2754,7 @@ dfs_offload: +@@ -2771,6 +2775,7 @@ dfs_offload: fail: wpa_printf(MSG_ERROR, "Interface initialization failed"); @@ -159,7 +159,7 @@ probe/assoc/auth requests via object subscribe. if (iface->is_no_ir) { hostapd_set_state(iface, HAPD_IFACE_NO_IR); -@@ -3478,6 +3483,7 @@ void hostapd_interface_deinit_free(struc +@@ -3501,6 +3506,7 @@ void hostapd_interface_deinit_free(struc (unsigned int) iface->conf->num_bss); driver = iface->bss[0]->driver; drv_priv = iface->bss[0]->drv_priv; @@ -195,7 +195,7 @@ probe/assoc/auth requests via object subscribe. struct hostapd_iface * hostapd_alloc_iface(void); --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c -@@ -2897,7 +2897,7 @@ static void handle_auth(struct hostapd_d +@@ -2941,7 +2941,7 @@ static void handle_auth(struct hostapd_d u16 auth_alg, auth_transaction, status_code; u16 resp = WLAN_STATUS_SUCCESS; struct sta_info *sta = NULL; @@ -204,7 +204,7 @@ probe/assoc/auth requests via object subscribe. u16 fc; const u8 *challenge = NULL; u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; -@@ -2908,6 +2908,11 @@ static void handle_auth(struct hostapd_d +@@ -2952,6 +2952,11 @@ static void handle_auth(struct hostapd_d #ifdef CONFIG_IEEE80211BE bool mld_sta = false; #endif /* CONFIG_IEEE80211BE */ @@ -216,7 +216,7 @@ probe/assoc/auth requests via object subscribe. if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", -@@ -3104,6 +3109,13 @@ static void handle_auth(struct hostapd_d +@@ -3148,6 +3153,13 @@ static void handle_auth(struct hostapd_d resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto fail; } @@ -230,7 +230,7 @@ probe/assoc/auth requests via object subscribe. if (res == HOSTAPD_ACL_PENDING) return; -@@ -5367,7 +5379,7 @@ static void handle_assoc(struct hostapd_ +@@ -5477,7 +5489,7 @@ static void handle_assoc(struct hostapd_ int resp = WLAN_STATUS_SUCCESS; u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE; const u8 *pos; @@ -239,7 +239,7 @@ probe/assoc/auth requests via object subscribe. struct sta_info *sta; u8 *tmp = NULL; #ifdef CONFIG_FILS -@@ -5609,6 +5621,11 @@ static void handle_assoc(struct hostapd_ +@@ -5719,6 +5731,11 @@ static void handle_assoc(struct hostapd_ left = res; } #endif /* CONFIG_FILS */ @@ -251,7 +251,7 @@ probe/assoc/auth requests via object subscribe. /* followed by SSID and Supported rates; and HT capabilities if 802.11n * is used */ -@@ -5711,6 +5728,13 @@ static void handle_assoc(struct hostapd_ +@@ -5826,6 +5843,13 @@ static void handle_assoc(struct hostapd_ if (set_beacon) ieee802_11_update_beacons(hapd->iface); @@ -265,7 +265,7 @@ probe/assoc/auth requests via object subscribe. fail: /* -@@ -5940,6 +5964,7 @@ static void handle_disassoc(struct hosta +@@ -6055,6 +6079,7 @@ static void handle_disassoc(struct hosta (unsigned long) len); return; } @@ -273,7 +273,7 @@ probe/assoc/auth requests via object subscribe. sta = ap_get_sta(hapd, mgmt->sa); if (!sta) { -@@ -5971,6 +5996,8 @@ static void handle_deauth(struct hostapd +@@ -6086,6 +6111,8 @@ static void handle_deauth(struct hostapd /* Clear the PTKSA cache entries for PASN */ ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE); @@ -305,7 +305,7 @@ probe/assoc/auth requests via object subscribe. wpa_printf(MSG_DEBUG, "RRM action %u is not supported", --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c -@@ -542,6 +542,7 @@ void ap_handle_timer(void *eloop_ctx, vo +@@ -543,6 +543,7 @@ void ap_handle_timer(void *eloop_ctx, vo hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_INFO, "deauthenticated due to " "local deauth request"); @@ -313,7 +313,7 @@ probe/assoc/auth requests via object subscribe. ap_free_sta(hapd, sta); return; } -@@ -699,6 +700,7 @@ skip_poll: +@@ -700,6 +701,7 @@ skip_poll: mlme_deauthenticate_indication( hapd, sta, WLAN_REASON_PREV_AUTH_NOT_VALID); @@ -321,7 +321,7 @@ probe/assoc/auth requests via object subscribe. ap_free_sta(hapd, sta); break; } -@@ -1521,15 +1523,28 @@ void ap_sta_set_authorized_event(struct +@@ -1588,15 +1590,28 @@ void ap_sta_set_authorized_event(struct os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr)); if (authorized) { @@ -350,7 +350,7 @@ probe/assoc/auth requests via object subscribe. #ifdef CONFIG_P2P if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) { os_snprintf(ip_addr, sizeof(ip_addr), -@@ -1540,6 +1555,13 @@ void ap_sta_set_authorized_event(struct +@@ -1607,6 +1622,13 @@ void ap_sta_set_authorized_event(struct } #endif /* CONFIG_P2P */ @@ -364,7 +364,7 @@ probe/assoc/auth requests via object subscribe. keyid = ap_sta_wpa_get_keyid(hapd, sta); if (keyid) { os_snprintf(keyid_buf, sizeof(keyid_buf), -@@ -1558,17 +1580,19 @@ void ap_sta_set_authorized_event(struct +@@ -1625,17 +1647,19 @@ void ap_sta_set_authorized_event(struct dpp_pkhash, SHA256_MAC_LEN); } @@ -390,7 +390,7 @@ probe/assoc/auth requests via object subscribe. hapd->msg_ctx_parent != hapd->msg_ctx) --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h -@@ -304,6 +304,7 @@ struct sta_info { +@@ -305,6 +305,7 @@ struct sta_info { #endif /* CONFIG_TESTING_OPTIONS */ #ifdef CONFIG_AIRTIME_POLICY unsigned int airtime_weight; @@ -478,7 +478,7 @@ probe/assoc/auth requests via object subscribe. } --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c -@@ -328,6 +328,7 @@ static void hostapd_wpa_auth_psk_failure +@@ -331,6 +331,7 @@ static void hostapd_wpa_auth_psk_failure struct hostapd_data *hapd = ctx; wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR, MAC2STR(addr)); @@ -650,7 +650,7 @@ probe/assoc/auth requests via object subscribe. ifdef CONFIG_CODE_COVERAGE CFLAGS += -O0 -fprofile-arcs -ftest-coverage -U_FORTIFY_SOURCE LIBS += -lgcov -@@ -1043,6 +1050,9 @@ ifdef CONFIG_CTRL_IFACE_MIB +@@ -1044,6 +1051,9 @@ ifdef CONFIG_CTRL_IFACE_MIB CFLAGS += -DCONFIG_CTRL_IFACE_MIB endif OBJS += ../src/ap/ctrl_iface_ap.o @@ -683,7 +683,7 @@ probe/assoc/auth requests via object subscribe. break; --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -7920,6 +7920,8 @@ struct wpa_supplicant * wpa_supplicant_a +@@ -8195,6 +8195,8 @@ struct wpa_supplicant * wpa_supplicant_a } #endif /* CONFIG_P2P */ @@ -692,7 +692,7 @@ probe/assoc/auth requests via object subscribe. return wpa_s; } -@@ -7946,6 +7948,8 @@ int wpa_supplicant_remove_iface(struct w +@@ -8221,6 +8223,8 @@ int wpa_supplicant_remove_iface(struct w struct wpa_supplicant *parent = wpa_s->parent; #endif /* CONFIG_MESH */ @@ -701,7 +701,7 @@ probe/assoc/auth requests via object subscribe. /* Remove interface from the global list of interfaces */ prev = global->ifaces; if (prev == wpa_s) { -@@ -8292,8 +8296,12 @@ int wpa_supplicant_run(struct wpa_global +@@ -8567,8 +8571,12 @@ int wpa_supplicant_run(struct wpa_global eloop_register_signal_terminate(wpa_supplicant_terminate, global); eloop_register_signal_reconfig(wpa_supplicant_reconfig, global); @@ -733,7 +733,7 @@ probe/assoc/auth requests via object subscribe. }; -@@ -693,6 +696,7 @@ struct wpa_supplicant { +@@ -705,6 +708,7 @@ struct wpa_supplicant { unsigned char own_addr[ETH_ALEN]; unsigned char perm_addr[ETH_ALEN]; char ifname[100]; diff --git a/package/network/services/hostapd/patches/601-ucode_support.patch b/package/network/services/hostapd/patches/601-ucode_support.patch index 5a88687cf2..1e1f399765 100644 --- a/package/network/services/hostapd/patches/601-ucode_support.patch +++ b/package/network/services/hostapd/patches/601-ucode_support.patch @@ -34,7 +34,7 @@ as adding/removing interfaces. ifdef CONFIG_CODE_COVERAGE --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c -@@ -5998,6 +5998,7 @@ try_again: +@@ -6031,6 +6031,7 @@ try_again: return -1; } @@ -42,7 +42,7 @@ as adding/removing interfaces. wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb); return 0; -@@ -6099,6 +6100,7 @@ fail: +@@ -6132,6 +6133,7 @@ fail: os_free(fname); interface->global_ctrl_sock = s; @@ -52,7 +52,7 @@ as adding/removing interfaces. --- a/hostapd/main.c +++ b/hostapd/main.c -@@ -1033,6 +1033,7 @@ int main(int argc, char *argv[]) +@@ -1074,6 +1074,7 @@ int main(int argc, char *argv[]) } hostapd_global_ctrl_iface_init(&interfaces); @@ -60,7 +60,7 @@ as adding/removing interfaces. if (hostapd_global_run(&interfaces, daemonize, pid_file)) { wpa_printf(MSG_ERROR, "Failed to start eloop"); -@@ -1042,6 +1043,7 @@ int main(int argc, char *argv[]) +@@ -1083,6 +1084,7 @@ int main(int argc, char *argv[]) ret = 0; out: @@ -70,7 +70,7 @@ as adding/removing interfaces. for (i = 0; i < interfaces.count; i++) { --- a/src/ap/ap_drv_ops.h +++ b/src/ap/ap_drv_ops.h -@@ -409,6 +409,23 @@ static inline int hostapd_drv_stop_ap(st +@@ -410,6 +410,23 @@ static inline int hostapd_drv_stop_ap(st return hapd->driver->stop_ap(hapd->drv_priv, link_id); } @@ -96,7 +96,7 @@ as adding/removing interfaces. { --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -255,6 +255,8 @@ int hostapd_reload_config(struct hostapd +@@ -259,6 +259,8 @@ int hostapd_reload_config(struct hostapd struct hostapd_config *newconf, *oldconf; size_t j; @@ -105,7 +105,7 @@ as adding/removing interfaces. if (iface->config_fname == NULL) { /* Only in-memory config in use - assume it has been updated */ hostapd_clear_old(iface); -@@ -475,6 +477,7 @@ void hostapd_free_hapd_data(struct hosta +@@ -479,6 +481,7 @@ void hostapd_free_hapd_data(struct hosta hapd->beacon_set_done = 0; wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); @@ -113,7 +113,7 @@ as adding/removing interfaces. hostapd_ubus_free_bss(hapd); accounting_deinit(hapd); hostapd_deinit_wpa(hapd); -@@ -729,6 +732,7 @@ void hostapd_cleanup_iface_partial(struc +@@ -737,6 +740,7 @@ void hostapd_cleanup_iface_partial(struc static void hostapd_cleanup_iface(struct hostapd_iface *iface) { wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface); @@ -121,7 +121,7 @@ as adding/removing interfaces. eloop_cancel_timeout(hostapd_interface_setup_failure_handler, iface, NULL); -@@ -1318,6 +1322,7 @@ static int hostapd_start_beacon(struct h +@@ -1326,6 +1330,7 @@ static int hostapd_start_beacon(struct h hapd->driver->set_operstate(hapd->drv_priv, 1); hostapd_ubus_add_bss(hapd); @@ -129,7 +129,7 @@ as adding/removing interfaces. return 0; } -@@ -1393,8 +1398,7 @@ static int hostapd_bss_radius_init(struc +@@ -1401,8 +1406,7 @@ static int hostapd_bss_radius_init(struc * initialized. Most of the modules that are initialized here will be * deinitialized in hostapd_cleanup(). */ @@ -139,7 +139,7 @@ as adding/removing interfaces. { struct hostapd_bss_config *conf = hapd->conf; u8 ssid[SSID_MAX_LEN + 1]; -@@ -1510,6 +1514,8 @@ setup_mld: +@@ -1518,6 +1522,8 @@ setup_mld: } #endif /* CONFIG_IEEE80211BE */ @@ -148,7 +148,7 @@ as adding/removing interfaces. if (conf->wmm_enabled < 0) conf->wmm_enabled = hapd->iconf->ieee80211n | hapd->iconf->ieee80211ax; -@@ -2487,7 +2493,7 @@ static int hostapd_owe_iface_iter2(struc +@@ -2508,7 +2514,7 @@ static int hostapd_owe_iface_iter2(struc #endif /* CONFIG_OWE */ @@ -157,7 +157,7 @@ as adding/removing interfaces. { #ifdef CONFIG_OWE /* Check whether the enabled BSS can complete OWE transition mode -@@ -2954,7 +2960,7 @@ hostapd_alloc_bss_data(struct hostapd_if +@@ -2975,7 +2981,7 @@ hostapd_alloc_bss_data(struct hostapd_if } @@ -166,7 +166,7 @@ as adding/removing interfaces. { if (!hapd) return; -@@ -4015,7 +4021,8 @@ int hostapd_remove_iface(struct hapd_int +@@ -4035,7 +4041,8 @@ int hostapd_remove_iface(struct hapd_int hapd_iface = interfaces->iface[i]; if (hapd_iface == NULL) return -1; @@ -219,10 +219,10 @@ as adding/removing interfaces. const char *config_fname, int debug); +int hostapd_setup_bss(struct hostapd_data *hapd, int first, bool start_beacon); +void hostapd_bss_deinit(struct hostapd_data *hapd); + void hostapd_bss_setup_multi_link(struct hostapd_data *hapd, + struct hapd_interfaces *interfaces); void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, - int reassoc); - void hostapd_interface_deinit_free(struct hostapd_iface *iface); -@@ -815,6 +824,7 @@ hostapd_switch_channel_fallback(struct h +@@ -817,6 +826,7 @@ hostapd_switch_channel_fallback(struct h void hostapd_cleanup_cs_params(struct hostapd_data *hapd); void hostapd_periodic_iface(struct hostapd_iface *iface); int hostapd_owe_trans_get_info(struct hostapd_data *hapd); @@ -232,7 +232,7 @@ as adding/removing interfaces. void hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap); --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -3928,6 +3928,25 @@ struct wpa_driver_ops { +@@ -4003,6 +4003,25 @@ struct wpa_driver_ops { const char *ifname); /** @@ -258,7 +258,7 @@ as adding/removing interfaces. * set_sta_vlan - Bind a station into a specific interface (AP only) * @priv: Private driver interface data * @ifname: Interface (main or virtual BSS or VLAN) -@@ -6720,6 +6739,7 @@ union wpa_event_data { +@@ -6818,6 +6837,7 @@ union wpa_event_data { /** * struct ch_switch @@ -266,7 +266,7 @@ as adding/removing interfaces. * @freq: Frequency of new channel in MHz * @ht_enabled: Whether this is an HT channel * @ch_offset: Secondary channel offset -@@ -6730,6 +6750,7 @@ union wpa_event_data { +@@ -6828,6 +6848,7 @@ union wpa_event_data { * @punct_bitmap: Puncturing bitmap */ struct ch_switch { @@ -293,7 +293,7 @@ as adding/removing interfaces. static struct nl_sock * nl_create_handle(struct nl_cb *cb, const char *dbg) { -@@ -431,6 +441,11 @@ static int no_seq_check(struct nl_msg *m +@@ -437,6 +447,11 @@ static int no_seq_check(struct nl_msg *m return NL_OK; } @@ -305,7 +305,7 @@ as adding/removing interfaces. static void nl80211_nlmsg_clear(struct nl_msg *msg) { -@@ -504,6 +519,8 @@ int send_and_recv(struct nl80211_global +@@ -511,6 +526,8 @@ int send_and_recv_glb(struct nl80211_glo if (!msg) return -ENOMEM; @@ -314,15 +314,15 @@ as adding/removing interfaces. err.err = -ENOMEM; s_nl_cb = nl_socket_get_cb(nl_handle); -@@ -538,6 +555,7 @@ int send_and_recv(struct nl80211_global - err.orig_msg = msg; +@@ -546,6 +563,7 @@ int send_and_recv_glb(struct nl80211_glo err.err_info = err_info; + err.drv = drv; + nl_cb_set(cb, NL_CB_MSG_IN, NL_CB_CUSTOM, debug_handler, NULL); nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err.err); if (ack_handler_custom) { -@@ -941,6 +959,7 @@ nl80211_get_wiphy_data_ap(struct i802_bs +@@ -949,6 +967,7 @@ nl80211_get_wiphy_data_ap(struct i802_bs os_free(w); return NULL; } @@ -330,7 +330,7 @@ as adding/removing interfaces. nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, -@@ -1355,7 +1374,7 @@ static void wpa_driver_nl80211_event_rtm +@@ -1364,7 +1383,7 @@ static void wpa_driver_nl80211_event_rtm } wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)", namebuf, ifname); @@ -339,7 +339,7 @@ as adding/removing interfaces. wpa_printf(MSG_DEBUG, "nl80211: Not the main interface (%s) - do not indicate interface down", drv->first_bss->ifname); -@@ -1391,7 +1410,7 @@ static void wpa_driver_nl80211_event_rtm +@@ -1400,7 +1419,7 @@ static void wpa_driver_nl80211_event_rtm } wpa_printf(MSG_DEBUG, "nl80211: Interface up (%s/%s)", namebuf, ifname); @@ -348,7 +348,7 @@ as adding/removing interfaces. wpa_printf(MSG_DEBUG, "nl80211: Not the main interface (%s) - do not indicate interface up", drv->first_bss->ifname); -@@ -2037,6 +2056,7 @@ static int wpa_driver_nl80211_init_nl_gl +@@ -2046,6 +2065,7 @@ static int wpa_driver_nl80211_init_nl_gl genl_family_put(family); nl_cache_free(cache); @@ -356,7 +356,7 @@ as adding/removing interfaces. nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, -@@ -2207,6 +2227,7 @@ static int nl80211_init_bss(struct i802_ +@@ -2216,6 +2236,7 @@ static int nl80211_init_bss(struct i802_ if (!bss->nl_cb) return -1; @@ -364,7 +364,7 @@ as adding/removing interfaces. nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, -@@ -8704,6 +8725,7 @@ static void *i802_init(struct hostapd_da +@@ -8844,6 +8865,7 @@ static void *i802_init(struct hostapd_da char master_ifname[IFNAMSIZ]; int ifindex, br_ifindex = 0; int br_added = 0; @@ -372,7 +372,7 @@ as adding/removing interfaces. bss = wpa_driver_nl80211_drv_init(hapd, params->ifname, params->global_priv, 1, -@@ -8763,21 +8785,17 @@ static void *i802_init(struct hostapd_da +@@ -8904,21 +8926,17 @@ static void *i802_init(struct hostapd_da (params->num_bridge == 0 || !params->bridge[0])) add_ifidx(drv, br_ifindex, drv->ifindex); @@ -404,7 +404,7 @@ as adding/removing interfaces. } if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) { -@@ -9146,6 +9164,50 @@ static int wpa_driver_nl80211_if_remove( +@@ -9287,6 +9305,50 @@ static int wpa_driver_nl80211_if_remove( return 0; } @@ -455,7 +455,7 @@ as adding/removing interfaces. static int cookie_handler(struct nl_msg *msg, void *arg) { -@@ -10962,6 +11024,37 @@ static bool nl80211_is_drv_shared(void * +@@ -11150,6 +11212,37 @@ static bool nl80211_is_drv_shared(void * #endif /* CONFIG_IEEE80211BE */ @@ -493,7 +493,7 @@ as adding/removing interfaces. static int driver_nl80211_send_mlme(void *priv, const u8 *data, size_t data_len, int noack, unsigned int freq, -@@ -14510,6 +14603,8 @@ const struct wpa_driver_ops wpa_driver_n +@@ -14874,6 +14967,8 @@ const struct wpa_driver_ops wpa_driver_n .set_acl = wpa_driver_nl80211_set_acl, .if_add = wpa_driver_nl80211_if_add, .if_remove = driver_nl80211_if_remove, @@ -504,7 +504,7 @@ as adding/removing interfaces. .sta_add = wpa_driver_nl80211_sta_add, --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c -@@ -1197,6 +1197,7 @@ static void mlme_event_ch_switch(struct +@@ -1199,6 +1199,7 @@ static void mlme_event_ch_switch(struct struct nlattr *bw, struct nlattr *cf1, struct nlattr *cf2, struct nlattr *punct_bitmap, @@ -512,7 +512,7 @@ as adding/removing interfaces. int finished) { struct i802_bss *bss; -@@ -1260,6 +1261,8 @@ static void mlme_event_ch_switch(struct +@@ -1262,6 +1263,8 @@ static void mlme_event_ch_switch(struct data.ch_switch.cf1 = nla_get_u32(cf1); if (cf2) data.ch_switch.cf2 = nla_get_u32(cf2); @@ -521,7 +521,7 @@ as adding/removing interfaces. if (link) { data.ch_switch.link_id = nla_get_u8(link); -@@ -4054,6 +4057,7 @@ static void do_process_drv_event(struct +@@ -4114,6 +4117,7 @@ static void do_process_drv_event(struct tb[NL80211_ATTR_CENTER_FREQ1], tb[NL80211_ATTR_CENTER_FREQ2], tb[NL80211_ATTR_PUNCT_BITMAP], @@ -529,7 +529,7 @@ as adding/removing interfaces. 0); break; case NL80211_CMD_CH_SWITCH_NOTIFY: -@@ -4066,6 +4070,7 @@ static void do_process_drv_event(struct +@@ -4126,6 +4130,7 @@ static void do_process_drv_event(struct tb[NL80211_ATTR_CENTER_FREQ1], tb[NL80211_ATTR_CENTER_FREQ2], tb[NL80211_ATTR_PUNCT_BITMAP], @@ -610,7 +610,7 @@ as adding/removing interfaces. endif ifdef CONFIG_CODE_COVERAGE -@@ -1053,6 +1065,9 @@ OBJS += ../src/ap/ctrl_iface_ap.o +@@ -1054,6 +1066,9 @@ OBJS += ../src/ap/ctrl_iface_ap.o ifdef CONFIG_UBUS OBJS += ../src/ap/ubus.o endif @@ -622,7 +622,7 @@ as adding/removing interfaces. CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -6167,6 +6167,7 @@ void supplicant_event(void *ctx, enum wp +@@ -6206,6 +6206,7 @@ void supplicant_event(void *ctx, enum wp event_to_string(event), event); #endif /* CONFIG_NO_STDOUT_DEBUG */ @@ -632,7 +632,7 @@ as adding/removing interfaces. #ifdef CONFIG_FST --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c -@@ -1151,6 +1151,7 @@ void wpa_supplicant_set_state(struct wpa +@@ -1256,6 +1256,7 @@ void wpa_supplicant_set_state(struct wpa sme_sched_obss_scan(wpa_s, 0); } wpa_s->wpa_state = state; @@ -640,7 +640,7 @@ as adding/removing interfaces. #ifdef CONFIG_BGSCAN if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid) -@@ -7921,6 +7922,7 @@ struct wpa_supplicant * wpa_supplicant_a +@@ -8196,6 +8197,7 @@ struct wpa_supplicant * wpa_supplicant_a #endif /* CONFIG_P2P */ wpas_ubus_add_bss(wpa_s); @@ -648,7 +648,7 @@ as adding/removing interfaces. return wpa_s; } -@@ -7948,6 +7950,7 @@ int wpa_supplicant_remove_iface(struct w +@@ -8223,6 +8225,7 @@ int wpa_supplicant_remove_iface(struct w struct wpa_supplicant *parent = wpa_s->parent; #endif /* CONFIG_MESH */ @@ -656,7 +656,7 @@ as adding/removing interfaces. wpas_ubus_free_bss(wpa_s); /* Remove interface from the global list of interfaces */ -@@ -8258,6 +8261,7 @@ struct wpa_global * wpa_supplicant_init( +@@ -8533,6 +8536,7 @@ struct wpa_global * wpa_supplicant_init( eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0, wpas_periodic, global, NULL); @@ -664,7 +664,7 @@ as adding/removing interfaces. return global; } -@@ -8296,12 +8300,8 @@ int wpa_supplicant_run(struct wpa_global +@@ -8571,12 +8575,8 @@ int wpa_supplicant_run(struct wpa_global eloop_register_signal_terminate(wpa_supplicant_terminate, global); eloop_register_signal_reconfig(wpa_supplicant_reconfig, global); @@ -677,7 +677,7 @@ as adding/removing interfaces. return 0; } -@@ -8334,6 +8334,8 @@ void wpa_supplicant_deinit(struct wpa_gl +@@ -8609,6 +8609,8 @@ void wpa_supplicant_deinit(struct wpa_gl wpas_notify_supplicant_deinitialized(global); @@ -696,7 +696,7 @@ as adding/removing interfaces. extern const char *const wpa_supplicant_version; extern const char *const wpa_supplicant_license; -@@ -697,6 +698,7 @@ struct wpa_supplicant { +@@ -709,6 +710,7 @@ struct wpa_supplicant { unsigned char perm_addr[ETH_ALEN]; char ifname[100]; struct wpas_ubus_bss ubus; @@ -730,7 +730,7 @@ as adding/removing interfaces. } +use_sta_psk: - if (!password && sta) { + if (!password && sta && !rx_id) { for (psk = sta->psk; psk; psk = psk->next) { - if (psk->is_passphrase) { - password = psk->passphrase; @@ -758,7 +758,7 @@ as adding/removing interfaces. } } -@@ -3229,6 +3252,12 @@ static void handle_auth(struct hostapd_d +@@ -3273,6 +3296,12 @@ static void handle_auth(struct hostapd_d goto fail; } @@ -773,7 +773,7 @@ as adding/removing interfaces. --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c -@@ -474,6 +474,11 @@ void ap_free_sta(struct hostapd_data *ha +@@ -475,6 +475,11 @@ void ap_free_sta(struct hostapd_data *ha forced_memzero(sta->last_tk, WPA_TK_MAX_LEN); #endif /* CONFIG_TESTING_OPTIONS */ @@ -785,7 +785,7 @@ as adding/removing interfaces. os_free(sta); } -@@ -1507,6 +1512,8 @@ void ap_sta_set_authorized_event(struct +@@ -1574,6 +1579,8 @@ void ap_sta_set_authorized_event(struct #endif /* CONFIG_P2P */ const u8 *ip_ptr = NULL; @@ -796,7 +796,7 @@ as adding/removing interfaces. if (sta->p2p_ie != NULL && --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h -@@ -180,6 +180,9 @@ struct sta_info { +@@ -181,6 +181,9 @@ struct sta_info { int vlan_id_bound; /* updated by ap_sta_bind_vlan() */ /* PSKs from RADIUS authentication server */ struct hostapd_sta_wpa_psk_short *psk; @@ -808,7 +808,7 @@ as adding/removing interfaces. char *radius_cui; /* Chargeable-User-Identity from RADIUS */ --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c -@@ -400,6 +400,7 @@ static const u8 * hostapd_wpa_auth_get_p +@@ -403,6 +403,7 @@ static const u8 * hostapd_wpa_auth_get_p struct sta_info *sta = ap_get_sta(hapd, addr); const u8 *psk; @@ -816,7 +816,7 @@ as adding/removing interfaces. if (vlan_id) *vlan_id = 0; if (psk_len) -@@ -446,13 +447,16 @@ static const u8 * hostapd_wpa_auth_get_p +@@ -449,13 +450,16 @@ static const u8 * hostapd_wpa_auth_get_p * returned psk which should not be returned again. * logic list (all hostapd_get_psk; all sta->psk) */ @@ -834,7 +834,7 @@ as adding/removing interfaces. if (pos->is_passphrase) { if (pbkdf2_sha1(pos->passphrase, hapd->conf->ssid.ssid, -@@ -469,6 +473,8 @@ static const u8 * hostapd_wpa_auth_get_p +@@ -472,6 +476,8 @@ static const u8 * hostapd_wpa_auth_get_p break; } } diff --git a/package/network/services/hostapd/patches/701-reload_config_inline.patch b/package/network/services/hostapd/patches/701-reload_config_inline.patch index 5404547647..2c2b9d4c30 100644 --- a/package/network/services/hostapd/patches/701-reload_config_inline.patch +++ b/package/network/services/hostapd/patches/701-reload_config_inline.patch @@ -8,7 +8,7 @@ as adding/removing interfaces. --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -5207,7 +5207,12 @@ struct hostapd_config * hostapd_config_r +@@ -5223,7 +5223,12 @@ struct hostapd_config * hostapd_config_r int errors = 0; size_t i; @@ -24,9 +24,9 @@ as adding/removing interfaces. "for reading.", fname); --- a/wpa_supplicant/config_file.c +++ b/wpa_supplicant/config_file.c -@@ -326,8 +326,13 @@ struct wpa_config * wpa_config_read(cons - while (cred_tail && cred_tail->next) - cred_tail = cred_tail->next; +@@ -390,8 +390,13 @@ struct wpa_config * wpa_config_read(cons + while (identity_tail && identity_tail->next) + identity_tail = identity_tail->next; + if (!strncmp(name, "data:", 5)) { + f = fmemopen((void *)(name + 5), strlen(name + 5), "r"); diff --git a/package/network/services/hostapd/patches/710-vlan_no_bridge.patch b/package/network/services/hostapd/patches/710-vlan_no_bridge.patch index d4c6b14456..750d159f8d 100644 --- a/package/network/services/hostapd/patches/710-vlan_no_bridge.patch +++ b/package/network/services/hostapd/patches/710-vlan_no_bridge.patch @@ -8,7 +8,7 @@ was provided by the config --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -3646,6 +3646,8 @@ static int hostapd_config_fill(struct ho +@@ -3644,6 +3644,8 @@ static int hostapd_config_fill(struct ho #ifndef CONFIG_NO_VLAN } else if (os_strcmp(buf, "dynamic_vlan") == 0) { bss->ssid.dynamic_vlan = atoi(pos); diff --git a/package/network/services/hostapd/patches/711-wds_bridge_force.patch b/package/network/services/hostapd/patches/711-wds_bridge_force.patch index 56750352f3..7c5a3998f0 100644 --- a/package/network/services/hostapd/patches/711-wds_bridge_force.patch +++ b/package/network/services/hostapd/patches/711-wds_bridge_force.patch @@ -22,7 +22,7 @@ instead rely entirely on netifd handling this properly } else if (os_strcmp(buf, "vlan_bridge") == 0) { --- a/src/ap/ap_drv_ops.c +++ b/src/ap/ap_drv_ops.c -@@ -390,8 +390,6 @@ int hostapd_set_wds_sta(struct hostapd_d +@@ -394,8 +394,6 @@ int hostapd_set_wds_sta(struct hostapd_d return -1; if (hapd->conf->wds_bridge[0]) bridge = hapd->conf->wds_bridge; diff --git a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch index e9d35de6be..022b2d9621 100644 --- a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch +++ b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch @@ -8,7 +8,7 @@ full device, e.g. in order to deal with hardware/driver limitations --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -3090,6 +3090,14 @@ static int hostapd_config_fill(struct ho +@@ -3088,6 +3088,14 @@ static int hostapd_config_fill(struct ho line, bss->max_num_sta, MAX_STA_COUNT); return 1; } @@ -25,7 +25,7 @@ full device, e.g. in order to deal with hardware/driver limitations } else if (os_strcmp(buf, "extended_key_id") == 0) { --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -1086,6 +1086,8 @@ struct hostapd_config { +@@ -1089,6 +1089,8 @@ struct hostapd_config { unsigned int track_sta_max_num; unsigned int track_sta_max_age; @@ -36,7 +36,7 @@ full device, e.g. in order to deal with hardware/driver limitations * ' ' (ascii 32): all environments --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -1634,7 +1634,7 @@ void handle_probe_req(struct hostapd_dat +@@ -1653,7 +1653,7 @@ void handle_probe_req(struct hostapd_dat if (hapd->conf->no_probe_resp_if_max_sta && is_multicast_ether_addr(mgmt->da) && is_multicast_ether_addr(mgmt->bssid) && @@ -47,7 +47,7 @@ full device, e.g. in order to deal with hardware/driver limitations " since no room for additional STA", --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -247,6 +247,29 @@ static int hostapd_iface_conf_changed(st +@@ -251,6 +251,29 @@ static int hostapd_iface_conf_changed(st return 0; } @@ -79,7 +79,7 @@ full device, e.g. in order to deal with hardware/driver limitations { --- a/src/ap/hostapd.h +++ b/src/ap/hostapd.h -@@ -826,6 +826,7 @@ void hostapd_periodic_iface(struct hosta +@@ -828,6 +828,7 @@ void hostapd_periodic_iface(struct hosta int hostapd_owe_trans_get_info(struct hostapd_data *hapd); void hostapd_owe_update_trans(struct hostapd_iface *iface);; void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx); diff --git a/package/network/services/hostapd/patches/730-ft_iface.patch b/package/network/services/hostapd/patches/730-ft_iface.patch index ac7d3abd78..728411bb60 100644 --- a/package/network/services/hostapd/patches/730-ft_iface.patch +++ b/package/network/services/hostapd/patches/730-ft_iface.patch @@ -8,7 +8,7 @@ a VLAN interface on top of the bridge, instead of using the bridge directly --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -3287,6 +3287,8 @@ static int hostapd_config_fill(struct ho +@@ -3285,6 +3285,8 @@ static int hostapd_config_fill(struct ho wpa_printf(MSG_INFO, "Line %d: Obsolete peerkey parameter ignored", line); #ifdef CONFIG_IEEE80211R_AP @@ -29,7 +29,7 @@ a VLAN interface on top of the bridge, instead of using the bridge directly int bridge_hairpin; /* hairpin_mode on bridge members */ --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c -@@ -1821,8 +1821,12 @@ int hostapd_setup_wpa(struct hostapd_dat +@@ -1825,8 +1825,12 @@ int hostapd_setup_wpa(struct hostapd_dat wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) { const char *ft_iface; diff --git a/package/network/services/hostapd/patches/740-snoop_iface.patch b/package/network/services/hostapd/patches/740-snoop_iface.patch index 3c59865f84..0d7024af8f 100644 --- a/package/network/services/hostapd/patches/740-snoop_iface.patch +++ b/package/network/services/hostapd/patches/740-snoop_iface.patch @@ -29,7 +29,7 @@ untagged DHCP packets int bridge_hairpin; /* hairpin_mode on bridge members */ --- a/src/ap/ap_drv_ops.h +++ b/src/ap/ap_drv_ops.h -@@ -376,12 +376,12 @@ static inline int hostapd_drv_br_port_se +@@ -377,12 +377,12 @@ static inline int hostapd_drv_br_port_se static inline int hostapd_drv_br_set_net_param(struct hostapd_data *hapd, enum drv_br_net_param param, @@ -112,7 +112,7 @@ untagged DHCP packets hapd->x_snoop_initialized = false; --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -4350,7 +4350,7 @@ struct wpa_driver_ops { +@@ -4429,7 +4429,7 @@ struct wpa_driver_ops { * Returns: 0 on success, negative (<0) on failure */ int (*br_set_net_param)(void *priv, enum drv_br_net_param param, @@ -123,7 +123,7 @@ untagged DHCP packets * get_wowlan - Get wake-on-wireless status --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -12662,7 +12662,7 @@ static const char * drv_br_net_param_str +@@ -12853,7 +12853,7 @@ static const char * drv_br_net_param_str static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param, @@ -132,7 +132,7 @@ untagged DHCP packets { struct i802_bss *bss = priv; char path[128]; -@@ -12688,8 +12688,11 @@ static int wpa_driver_br_set_net_param(v +@@ -12879,8 +12879,11 @@ static int wpa_driver_br_set_net_param(v return -EINVAL; } diff --git a/package/network/services/hostapd/patches/760-dynamic_own_ip.patch b/package/network/services/hostapd/patches/760-dynamic_own_ip.patch index 5f13b861d3..7f1dc11755 100644 --- a/package/network/services/hostapd/patches/760-dynamic_own_ip.patch +++ b/package/network/services/hostapd/patches/760-dynamic_own_ip.patch @@ -7,7 +7,7 @@ Some servers use the NAS-IP-Address attribute as a destination address --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -2865,6 +2865,8 @@ static int hostapd_config_fill(struct ho +@@ -2863,6 +2863,8 @@ static int hostapd_config_fill(struct ho } else if (os_strcmp(buf, "iapp_interface") == 0) { wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used"); #endif /* CONFIG_IAPP */ @@ -28,7 +28,7 @@ Some servers use the NAS-IP-Address attribute as a destination address int radius_require_message_authenticator; --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -600,6 +600,10 @@ int add_common_radius_attr(struct hostap +@@ -598,6 +598,10 @@ int add_common_radius_attr(struct hostap struct hostapd_radius_attr *attr; int len; @@ -81,7 +81,7 @@ Some servers use the NAS-IP-Address attribute as a destination address * radius_client_send - Send a RADIUS request * @radius: RADIUS client context from radius_client_init() * @msg: RADIUS message to be sent -@@ -1711,6 +1737,10 @@ radius_change_server(struct radius_clien +@@ -1714,6 +1740,10 @@ radius_change_server(struct radius_clien wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u", inet_ntoa(claddr.sin_addr), ntohs(claddr.sin_port)); @@ -92,7 +92,7 @@ Some servers use the NAS-IP-Address attribute as a destination address } break; #ifdef CONFIG_IPV6 -@@ -1722,6 +1752,10 @@ radius_change_server(struct radius_clien +@@ -1725,6 +1755,10 @@ radius_change_server(struct radius_clien inet_ntop(AF_INET6, &claddr6.sin6_addr, abuf, sizeof(abuf)), ntohs(claddr6.sin6_port)); diff --git a/package/network/services/hostapd/patches/761-shared_das_port.patch b/package/network/services/hostapd/patches/761-shared_das_port.patch index 26aeacac76..0b52e7d0a9 100644 --- a/package/network/services/hostapd/patches/761-shared_das_port.patch +++ b/package/network/services/hostapd/patches/761-shared_das_port.patch @@ -7,7 +7,7 @@ Use the NAS identifier to find the right receiver context on incoming messages --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c -@@ -1379,6 +1379,7 @@ static int hostapd_bss_radius_init(struc +@@ -1387,6 +1387,7 @@ static int hostapd_bss_radius_init(struc os_memset(&das_conf, 0, sizeof(das_conf)); das_conf.port = conf->radius_das_port; diff --git a/package/network/services/hostapd/patches/762-AP-don-t-ignore-probe-requests-with-invalid-DSSS-par.patch b/package/network/services/hostapd/patches/762-AP-don-t-ignore-probe-requests-with-invalid-DSSS-par.patch index 7beb87118f..03b333138a 100644 --- a/package/network/services/hostapd/patches/762-AP-don-t-ignore-probe-requests-with-invalid-DSSS-par.patch +++ b/package/network/services/hostapd/patches/762-AP-don-t-ignore-probe-requests-with-invalid-DSSS-par.patch @@ -28,7 +28,7 @@ Signed-off-by: David Bauer --- a/src/ap/beacon.c +++ b/src/ap/beacon.c -@@ -1477,7 +1477,7 @@ void handle_probe_req(struct hostapd_dat +@@ -1496,7 +1496,7 @@ void handle_probe_req(struct hostapd_dat * is less likely to see them (Probe Request frame sent on a * neighboring, but partially overlapping, channel). */ diff --git a/package/network/services/hostapd/patches/763-radius-wispr.patch b/package/network/services/hostapd/patches/763-radius-wispr.patch index f5c4668e13..e8967a8547 100644 --- a/package/network/services/hostapd/patches/763-radius-wispr.patch +++ b/package/network/services/hostapd/patches/763-radius-wispr.patch @@ -1,6 +1,6 @@ --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c -@@ -2035,6 +2035,25 @@ static int ieee802_1x_update_vlan(struct +@@ -2033,6 +2033,25 @@ static int ieee802_1x_update_vlan(struct } #endif /* CONFIG_NO_VLAN */ @@ -26,7 +26,7 @@ /** * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server -@@ -2151,6 +2170,7 @@ ieee802_1x_receive_auth(struct radius_ms +@@ -2149,6 +2168,7 @@ ieee802_1x_receive_auth(struct radius_ms ieee802_1x_check_hs20(hapd, sta, msg, session_timeout_set ? (int) session_timeout : -1); @@ -36,7 +36,7 @@ sm->eap_if->aaaFail = true; --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h -@@ -94,6 +94,7 @@ struct sta_info { +@@ -95,6 +95,7 @@ struct sta_info { u8 supported_rates[WLAN_SUPP_RATES_MAX]; int supported_rates_len; u8 qosinfo; /* Valid when WLAN_STA_WMM is set */ diff --git a/package/network/services/hostapd/patches/770-radius_server.patch b/package/network/services/hostapd/patches/770-radius_server.patch index c110a85e2e..53d162e916 100644 --- a/package/network/services/hostapd/patches/770-radius_server.patch +++ b/package/network/services/hostapd/patches/770-radius_server.patch @@ -29,7 +29,7 @@ handle reload. #ifndef CONFIG_NO_HOSTAPD_LOGGER static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module, -@@ -793,6 +794,11 @@ int main(int argc, char *argv[]) +@@ -834,6 +835,11 @@ int main(int argc, char *argv[]) if (os_program_init()) return -1; diff --git a/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch b/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch index dae7ad180c..d21027636a 100644 --- a/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch +++ b/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch @@ -39,7 +39,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 --- a/hostapd/Makefile +++ b/hostapd/Makefile -@@ -1416,6 +1416,11 @@ ifdef CONFIG_NO_TKIP +@@ -1429,6 +1429,11 @@ ifdef CONFIG_NO_TKIP CFLAGS += -DCONFIG_NO_TKIP endif @@ -53,7 +53,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c -@@ -5200,6 +5200,15 @@ static int hostapd_config_fill(struct ho +@@ -5216,6 +5216,15 @@ static int hostapd_config_fill(struct ho bss->mld_indicate_disabled = atoi(pos); #endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_IEEE80211BE */ @@ -71,10 +71,10 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 "Line %d: unknown configuration item '%s'", --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h -@@ -999,6 +999,35 @@ struct hostapd_bss_config { - bool mld_indicate_disabled; - #endif /* CONFIG_TESTING_OPTIONS */ - #endif /* CONFIG_IEEE80211BE */ +@@ -1002,6 +1002,35 @@ struct hostapd_bss_config { + int mbssid_index; + + bool spp_amsdu; + +#ifdef CONFIG_APUP + /** @@ -109,7 +109,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 /** --- a/src/ap/ap_drv_ops.c +++ b/src/ap/ap_drv_ops.c -@@ -385,13 +385,39 @@ int hostapd_set_wds_sta(struct hostapd_d +@@ -389,13 +389,39 @@ int hostapd_set_wds_sta(struct hostapd_d const u8 *addr, int aid, int val) { const char *bridge = NULL; @@ -164,7 +164,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 int hostapd_sta_add(struct hostapd_data *hapd, --- /dev/null +++ b/src/ap/apup.c -@@ -0,0 +1,168 @@ +@@ -0,0 +1,169 @@ +/* + * hostapd / APuP Access Point Micro Peering + * @@ -221,12 +221,13 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 + sta_ret = ap_sta_add(hapd, mgmt->bssid); + + /* TODO: this has been added just to making compiler happy after breaking -+ * changes introduced in 11a607d121df512e010148bedcb4263a03329dc7 to support -+ * IEEE80211BE Multi Link Operation. Look at that commit with more time and ++ * changes introduced in 11a607d12 and 7855b6d60 to support ++ * IEEE80211BE Multi Link Operation. Look at these commits with more time and + * understand what could be a proper implementation in this context too + */ + const u8 *mld_link_addr = NULL; + bool mld_link_sta = false; ++ u16 eml_cap = 0; + + /* First add the station without more information */ + int aRet = hostapd_sta_add( @@ -234,7 +235,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 + NULL, 0, 0, NULL, NULL, NULL, 0, NULL, 0, NULL, + sta_ret->flags, 0, 0, 0, + 0, // 0 add, 1 set -+ mld_link_addr, mld_link_sta); ++ mld_link_addr, mld_link_sta, eml_cap); + + sta_ret->flags |= WLAN_STA_AUTH; + wpa_auth_sm_event(sta_ret->wpa_sm, WPA_AUTH); @@ -308,7 +309,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 + sta_ret->vht_opmode, + 0, // int supp_p2p_ps + 1, // 0 add, 1 set -+ mld_link_addr, mld_link_sta); ++ mld_link_addr, mld_link_sta, eml_cap); + + ap_sta_set_authorized(hapd, sta_ret, 1); + hostapd_set_sta_flags(hapd, sta_ret); @@ -372,7 +373,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 #ifdef CONFIG_FILS static struct wpabuf * -@@ -3617,8 +3620,8 @@ static u16 check_multi_ap(struct hostapd +@@ -3664,8 +3667,8 @@ static u16 check_multi_ap(struct hostapd } @@ -383,7 +384,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 { /* Supported rates not used in IEEE 802.11ad/DMG */ if (hapd->iface->current_mode && -@@ -4005,7 +4008,7 @@ static int __check_assoc_ies(struct host +@@ -4105,7 +4108,7 @@ static int __check_assoc_ies(struct host elems->ext_capab_len); if (resp != WLAN_STATUS_SUCCESS) return resp; @@ -392,7 +393,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 if (resp != WLAN_STATUS_SUCCESS) return resp; -@@ -6060,6 +6063,11 @@ static void handle_beacon(struct hostapd +@@ -6175,6 +6178,11 @@ static void handle_beacon(struct hostapd 0); ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); @@ -417,7 +418,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta, --- a/src/drivers/driver.h +++ b/src/drivers/driver.h -@@ -4048,7 +4048,7 @@ struct wpa_driver_ops { +@@ -4123,7 +4123,7 @@ struct wpa_driver_ops { * Returns: 0 on success, -1 on failure */ int (*set_wds_sta)(void *priv, const u8 *addr, int aid, int val, @@ -428,7 +429,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6 * send_action - Transmit an Action frame --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c -@@ -8559,25 +8559,15 @@ static int have_ifidx(struct wpa_driver_ +@@ -8699,25 +8699,15 @@ static int have_ifidx(struct wpa_driver_ static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, diff --git a/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch b/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch index f197b71bd7..85c745d187 100644 --- a/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch +++ b/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch @@ -1,6 +1,6 @@ --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c -@@ -1914,3 +1914,22 @@ void ap_sta_free_sta_profile(struct mld_ +@@ -1970,3 +1970,22 @@ void ap_sta_free_sta_profile(struct mld_ } } #endif /* CONFIG_IEEE80211BE */ @@ -25,7 +25,7 @@ + --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h -@@ -409,23 +409,8 @@ int ap_sta_re_add(struct hostapd_data *h +@@ -414,23 +414,8 @@ int ap_sta_re_add(struct hostapd_data *h void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta); diff --git a/package/network/services/hostapd/patches/804-hostapd-Fix-clearing-up-settings-for-color-switch.patch b/package/network/services/hostapd/patches/804-hostapd-Fix-clearing-up-settings-for-color-switch.patch deleted file mode 100644 index 87d68911c7..0000000000 --- a/package/network/services/hostapd/patches/804-hostapd-Fix-clearing-up-settings-for-color-switch.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 161327f91d956771996c96ea1b6e4e1cb8dc074c Mon Sep 17 00:00:00 2001 -From: Stone Zhang -Date: Mon, 14 Oct 2024 18:47:32 +0800 -Subject: [PATCH] hostapd: Fix clearing up settings for color switch - -Settings for color switch (struct cca_settings settings) -is used without zero clearing, which causes the member -settings->ubpr->unsol_bcast_probe_resp_intervalettings -to be a random value. It is againsts the NLA policy of -NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT and causes -BSS color switch failure. - -Fixes: 654d2395dddf ("BSS coloring: Handling of collision events and triggering CCA") -Signed-off-by: Stone Zhang ---- - src/ap/hostapd.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/ap/hostapd.c -+++ b/src/ap/hostapd.c -@@ -4813,6 +4813,7 @@ static void hostapd_switch_color_timeout - struct cca_settings settings; - int ret; - -+ os_memset(&settings, 0, sizeof(settings)); - hostapd_cleanup_cca_params(bss); - bss->cca_color = r; - bss->cca_count = 10;