scottk/wlan-ap
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-ap.git synced 2025-10-29 09:32:34 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
19128346aecc61b5995abc3e40b02d316532fa29
wlan-ap/patches/wifi/0004-hostapd-pending-fixes.patch
John Crispin 19128346ae openwrt-21.02: update to latest upstream commit 
Signed-off-by: John Crispin <john@phrozen.org>
2022-02-04 08:06:06 +01:00

171 lines
5.5 KiB
Diff
Raw Blame History

From 83e8509388c5648dc8217b8f86d0461fade6a8d1 Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Tue, 4 Jan 2022 07:01:41 +0100
Subject: [PATCH 4/4] hostapd: pending fixes
Signed-off-by: John Crispin <john@phrozen.org>
---
.../hostapd/files/hostapd-full.config | 4 +-
.../network/services/hostapd/files/hostapd.sh | 45 +++++++++++++------
2 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
index dbc2022550..38a29143d5 100644
--- a/package/network/services/hostapd/files/hostapd-full.config
+++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -94,10 +94,10 @@ CONFIG_EAP_TTLS=y
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
+CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
-#CONFIG_EAP_PWD=y
+CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index d9d5f34877..a56bc69562 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -48,13 +48,17 @@ hostapd_append_wpa_key_mgmt() {
;;
eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+ append wpa_key_mgmt "WPA-EAP-SHA256"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
;;
- eap-eap192)
- append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+ eap-eap256)
append wpa_key_mgmt "WPA-EAP"
+ append wpa_key_mgmt "WPA-EAP-SHA256"
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+ ;;
+ eap256)
+ append wpa_key_mgmt "WPA-EAP-SHA256"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
- [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
;;
sae)
append wpa_key_mgmt "SAE"
@@ -345,7 +349,7 @@ hostapd_common_add_bss_config() {
config_add_boolean hs20 disable_dgaf osen
config_add_int anqp_domain_id
- config_add_int hs20_deauth_req_timeout
+ config_add_int hs20_deauth_req_timeout hs20_release
config_add_array hs20_oper_friendly_name
config_add_array osu_provider
config_add_array operator_icon
@@ -371,6 +375,8 @@ hostapd_common_add_bss_config() {
config_add_boolean fils
config_add_string fils_dhcp
+
+ config_add_boolean ratelimit
}
hostapd_set_vlan_file() {
@@ -422,7 +428,7 @@ append_iw_anqp_3gpp_cell_net() {
if [ -z "$iw_anqp_3gpp_cell_net_conf" ]; then
iw_anqp_3gpp_cell_net_conf="$1"
else
- iw_anqp_3gpp_cell_net_conf="$iw_anqp_3gpp_cell_net_conf:$1"
+ iw_anqp_3gpp_cell_net_conf="$iw_anqp_3gpp_cell_net_conf;$1"
fi
}
@@ -617,11 +623,11 @@ hostapd_set_bss_options() {
}
case "$auth_type" in
- sae|owe|eap192|eap-eap192)
+ sae|owe|eap192|eap256)
set_default ieee80211w 2
set_default sae_require_mfp 1
;;
- psk-sae)
+ psk-sae|eap-eap256)
set_default ieee80211w 1
set_default sae_require_mfp 1
;;
@@ -664,7 +670,7 @@ hostapd_set_bss_options() {
vlan_possible=1
wps_possible=1
;;
- eap|eap192|eap-eap192)
+ eap|eap192|eap-eap256|eap256)
json_get_vars \
auth_server auth_secret auth_port \
dae_client dae_secret dae_port \
@@ -930,7 +936,16 @@ hostapd_set_bss_options() {
json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
append bss_conf "ieee80211w=$ieee80211w" "$N"
[ "$ieee80211w" -gt "0" ] && {
- append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+ case "$auth_type" in
+ eap192)
+ append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N"
+ append bss_conf "group_cipher=GCMP-256" "$N"
+ ;;
+ *)
+ append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+ ;;
+ esac
+
[ -n "$ieee80211w_max_timeout" ] && \
append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
[ -n "$ieee80211w_retry_timeout" ] && \
@@ -1045,12 +1060,13 @@ hostapd_set_bss_options() {
local hs20 disable_dgaf osen anqp_domain_id hs20_deauth_req_timeout \
osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp \
- hs20_t_c_server_url
+ hs20_t_c_server_url hs20_release
json_get_vars hs20 disable_dgaf osen anqp_domain_id hs20_deauth_req_timeout \
osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp \
- hs20_t_c_server_url
+ hs20_t_c_server_url hs20_release
set_default hs20 0
+ set_default hs20_release 1
set_default disable_dgaf $hs20
set_default osen 0
set_default anqp_domain_id 0
@@ -1058,6 +1074,7 @@ hostapd_set_bss_options() {
if [ "$hs20" = "1" ]; then
append bss_conf "hs20=1" "$N"
append_hs20_icons
+ append bss_conf "hs20_release=$hs20_release" "$N"
append bss_conf "disable_dgaf=$disable_dgaf" "$N"
append bss_conf "osen=$osen" "$N"
append bss_conf "anqp_domain_id=$anqp_domain_id" "$N"
@@ -1248,10 +1265,10 @@ wpa_supplicant_add_network() {
default_disabled
case "$auth_type" in
- sae|owe|eap192|eap-eap192)
+ sae|owe|eap-eap256)
set_default ieee80211w 2
;;
- psk-sae)
+ psk-sae|eap192|eap256)
set_default ieee80211w 1
;;
esac
@@ -1329,7 +1346,7 @@ wpa_supplicant_add_network() {
fi
append network_data "$passphrase" "$N$T"
;;
- eap|eap192|eap-eap192)
+ eap|eap192|eap-eap256|eap256)
hostapd_append_wpa_key_mgmt
key_mgmt="$wpa_key_mgmt"
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink