Re: [OpenWrt-Devel] [PATCH 1/2] Add support for AVM FritzBox 7360SL

2016-06-04 Thread Dirk Neukirchen
On 19.05.2016 14:12, Sebastian Ortwein wrote:
> Add support for FritzBox 7360SL
> 
> working: USB,WIFI,SWITCH,LAN
> 
> not working:DECT, Telephone
> 
> 
> 
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
> 

as Martin wrote - please add a signed-off-by
see https://dev.openwrt.org/wiki/SubmittingPatches
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] [PATCH 1/2] Add support for AVM FritzBox 7360SL

2016-06-04 Thread Hauke Mehrtens
Hi,

On 05/19/2016 02:12 PM, Sebastian Ortwein wrote:
> Add support for FritzBox 7360SL

Please send it inline with a Signed-off-by line.

> working: USB,WIFI,SWITCH,LAN
> 
> not working:DECT, Telephone
This will probably never work, but should not block OpenWrt LEDE
integration.

If this is a 1.2 SoC you are using the wrong phy firmware, please use
lantiq/vr9_phy11g_a2x.bin for Gigabit Phys on the 1.2 SoC.

Hauke


[OpenWrt-Devel] [PATCH] packages/openvpn: add support for tls-version-min

2016-06-04 Thread Matteo Panella
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).

This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.

Signed-off-by: Matteo Panella 
---
 package/network/services/openvpn/files/openvpn.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/network/services/openvpn/files/openvpn.init 
b/package/network/services/openvpn/files/openvpn.init
index 5396d0b..6dac7b3 100644
--- a/package/network/services/openvpn/files/openvpn.init
+++ b/package/network/services/openvpn/files/openvpn.init
@@ -121,7 +121,7 @@ start_instance() {
reneg_bytes reneg_pkts reneg_sec \
replay_persist replay_window resolv_retry route route_delay 
route_gateway \
route_metric route_pre_down route_up rport script_security 
secret server server_bridge setenv shaper sndbuf \
-   socks_proxy status status_version syslog tcp_queue_limit 
tls_auth \
+   socks_proxy status status_version syslog tcp_queue_limit 
tls_auth tls_version_min \
tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology 
tran_window \
tun_mtu tun_mtu_extra txqueuelen user verb down push up \
verify_x509_name x509_username_field \
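Review bot: tls_version_min is inserted between tls_auth and tls_cipher, which breaks the alphabetical order the neighbouring tls_* entries follow (tls_cipher, tls_remote, tls_timeout, tls_verify); placing it after tls_verify keeps the list sorted and leaves the tls_auth line untouched. The commit message should also say which values the option is expected to carry and that it was tested on both a server and a client instance, since the hunk itself only adds the name to the option list.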
-- 
2.8.3


Re: [OpenWrt-Devel] [LEDE-DEV] [PATCH libubox] blobmsg_json: add new functions blobmsg_format_json_value*

2016-06-04 Thread Matthias Schiffer
On 06/03/2016 04:55 PM, Eyal Birger wrote:
> 
> Hi,
> 
>> On 3 Jun 2016, at 13:11, Matthias Schiffer wrote:
>>
> (snip)
>>
>> 1) and 2) would allow blobmsg to store everything that json-c can (with the
>> caveat that json-c stores integers as int64 internally, while blobmsg_json
>> uses int32) -
> 
> We also noticed this as a problem for us since when converting json strings 
> to blobmsg, integers become signed and thus no more than INT32_MAX can be 
> used.
> 
> Do you plan to approach this in your patchsets?
> 
> Eyal

I don't think this can be fixed easily without having to adjust all
blobmsg_json users, as the blobmsg_policy entries contain
BLOBMSG_TYPE_INT32 everywhere. I don't know how much the ubus methods are
considered unchangeable ABI.

Possible approaches include:

1) Always map JSON integers to int64. Will cause an incompatible ABI
change for all ubus calls when used with blobmsg_json.

2) Add new blobmsg_add_json_* functions which use int64. The caller of a
ubus method would need to know if the service expects int32 or int64
integers, making this more or less unusable for the ubus CLI tool.

3) Adjust blobmsg_add_json_* to encode integers as int32 or int64 depending
on the value itself. We'd need to extend the blobmsg_policy with some kind
of BLOBMSG_TYPE_INT which accepts both int32 and int64, and add a
blobmsg_get_int function that can work with different lengths. Existing
software would continue to work as long as the supplied values fit into an
int32.

4) Introduce a new BLOBMSG_TYPE_INT type for variable-length integers,
together with a blobmsg_get_int function (note that, in contrast to 3),
BLOBMSG_TYPE_INT is a real blobmsg type in this approach). The length of
records is encoded in the blobmsg format already. Again, this approach
would need all software to be adjusted.

1) and 4) are very similar and would cause a hard ABI break for many ubus
methods. If we want to avoid a flagday change, 3) seems like the best
option - or some other approach I haven't listed?

Matthias


> 
>> do you think these changes make sense?
>>
>> Would there also be general interest in 3), so it might be integrated into
>> libubox?
>>
>> Regards,
>> Matthias
>>
>>
>>>

 Signed-off-by: Matthias Schiffer 
 ---
 blobmsg_json.c | 49 -
 blobmsg_json.h | 14 ++
 2 files changed, 50 insertions(+), 13 deletions(-)

 diff --git a/blobmsg_json.c b/blobmsg_json.c
 index 5713948..538c816 100644
 --- a/blobmsg_json.c
 +++ b/blobmsg_json.c
 @@ -207,7 +207,7 @@ static void blobmsg_format_string(struct strbuf *s, 
 const char *str)

 static void blobmsg_format_json_list(struct strbuf *s, struct blob_attr 
 *attr, int len, bool array);

 -static void blobmsg_format_element(struct strbuf *s, struct blob_attr 
 *attr, bool array, bool head)
 +static void blobmsg_format_element(struct strbuf *s, struct blob_attr 
 *attr, bool without_name, bool head)
 {
const char *data_str;
char buf[32];
 @@ -217,7 +217,7 @@ static void blobmsg_format_element(struct strbuf *s, 
 struct blob_attr *attr, boo
if (!blobmsg_check_attr(attr, false))
return;

 -if (!array && blobmsg_name(attr)[0]) {
 +if (!without_name && blobmsg_name(attr)[0]) {
blobmsg_format_string(s, blobmsg_name(attr));
blobmsg_puts(s, ": ", s->indent ? 2 : 1);
}
 @@ -286,22 +286,26 @@ static void blobmsg_format_json_list(struct strbuf 
 *s, struct blob_attr *attr, i
blobmsg_puts(s, (array ? "]" : "}"), 1);
 }

 +static void setup_strbuf(struct strbuf *s, struct blob_attr *attr, 
 blobmsg_json_format_t cb, void *priv, int indent) {
 +s->len = blob_len(attr);
 +s->buf = malloc(s->len);
 +s->pos = 0;
 +s->custom_format = cb;
 +s->priv = priv;
 +s->indent = false;
 +
 +if (indent >= 0) {
 +s->indent = true;
 +s->indent_level = indent;
 +}
 +}
 +
 char *blobmsg_format_json_with_cb(struct blob_attr *attr, bool list, 
 blobmsg_json_format_t cb, void *priv, int indent)
 {
struct strbuf s;
bool array;

 -s.len = blob_len(attr);
 -s.buf = malloc(s.len);
 -s.pos = 0;
 -s.custom_format = cb;
 -s.priv = priv;
 -s.indent = false;
 -
 -if (indent >= 0) {
 -s.indent = true;
 -s.indent_level = indent;
 -}
 +setup_strbuf(&s, attr, cb, priv, indent);

array = blob_is_extended(attr) &&
blobmsg_type(attr) == BLOBMSG_TYPE_ARRAY;
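Review bot: in setup_strbuf() the result of malloc(s->len) is stored in s->buf with no NULL check visible in this hunk, and because the helper returns void, blobmsg_format_json_with_cb() has no way to learn that the allocation failed before it starts formatting. The removed lines had the same gap, but since the helper is introduced to be shared with the new blobmsg_format_json_value* functions, this is the place to return a status or have each caller test s.buf. Style: the opening brace of setup_strbuf() sits on the signature line, while blobmsg_format_json_with_cb() directly below puts it on its own line.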
 @@ -321,3 +325,22 @@ char *blobmsg_format_json_with_cb(struct blob_attr 
 *attr, bool list, blobmsg_jso

return s.buf;
 }
 +
 +char *blobmsg_format_json_value_with_cb(struct blob_attr *attr, 
 blobmsg_json_format
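
Approach 3) from Matthias Schiffer's reply above, sketched as an added example (not libubox code and not part of the thread): the encoder picks int32 or int64 from the value, a policy type accepts either width, and a getter reads both. All `ex_*` names and the struct layout are hypothetical stand-ins for the blobmsg API, and the sample value is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the blobmsg types discussed; not libubox code. */
enum ex_type { EX_INT32, EX_INT64, EX_INT /* policy only: either width */ };
struct ex_attr { enum ex_type type; uint8_t len; uint8_t data[8]; };

/* Approach 3 encoder: pick the narrowest type that holds the JSON value. */
struct ex_attr ex_add_json_int(int64_t v)
{
	struct ex_attr a = { .type = EX_INT64, .len = 8 };
	if (v >= INT32_MIN && v <= INT32_MAX) {
		int32_t n = (int32_t)v;
		a.type = EX_INT32;
		a.len = 4;
		memcpy(a.data, &n, sizeof(n));
	} else {
		memcpy(a.data, &v, sizeof(v));
	}
	return a;
}

/* Policy check: EX_INT accepts both widths, fixed types must match exactly. */
bool ex_policy_match(enum ex_type policy, const struct ex_attr *a)
{
	bool is_int = a->type == EX_INT32 || a->type == EX_INT64;
	return is_int && (policy == EX_INT || policy == a->type);
}

/* Width-aware getter; rejects a type/length mismatch instead of over-reading. */
bool ex_get_int(const struct ex_attr *a, int64_t *out)
{
	if (a->type == EX_INT32 && a->len == 4) {
		int32_t n;
		memcpy(&n, a->data, sizeof(n));
		*out = n; /* sign-extends to 64 bits */
		return true;
	}
	if (a->type != EX_INT64 || a->len != 8)
		return false;
	memcpy(out, a->data, sizeof(*out));
	return true;
}

int main(void)
{
	struct ex_attr big = ex_add_json_int(5000000000LL); /* constructed value */
	return ex_policy_match(EX_INT, &big) ? 0 : 1;
}
```

A consumer whose policy still says int32 keeps accepting every value that fits, and rejects the wide one at the policy check rather than reading a shortened number.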

[OpenWrt-Devel] [PATCH] wpa_supplicant: Enable TLSv1.1 and TLSv1.2 Support

2016-06-04 Thread Bima Hutama
  -Changes:
1) Adding CONFIG_TLSV11=y
2) Adding CONFIG_TLSV12=y

  -Description:
Enable wpa_supplicant support for TLS version 1.1 and 1.2

Signed-off-by: Bima Hutama 
---
 package/network/services/hostapd/files/wpa_supplicant-full.config | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config 
b/package/network/services/hostapd/files/wpa_supplicant-full.config
index 53c0762..7685606 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -307,6 +307,12 @@ CONFIG_IEEE80211W=y
 # none = Empty template
 CONFIG_TLS=internal
 
+# Add wpa_supplicant support for TLS version 1.1
+CONFIG_TLSV11=y
+
+# Add wpa_supplicant support for TLS version 1.2
+CONFIG_TLSV12=y
+
 # Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
 # You need CONFIG_TLS=gnutls for this to have any effect. Please note that
 # even though the core GnuTLS library is released under LGPL, this extra
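Review bot: CONFIG_TLSV11 and CONFIG_TLSV12 are added directly under CONFIG_TLS=internal, but neither the new comments nor the commit message say whether the options depend on that setting, what they add to the image size, or against which EAP server the newer versions were tested. The two comments only restate the option names; one comment giving the dependency and the reason for enabling them would carry more information.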
-- 
2.1.4


[OpenWrt-Devel] [PATCH] wpa_supplicant: Add Write Log to File Support

2016-06-04 Thread Bima Hutama
  -Change:
Enable CONFIG_DEBUG_FILE=y

  -Description:
Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt).
By invoking "-f " in wpa_supplicant we can enable write-debug-to-file
without running wpa_supplicant in the foreground. It makes debugging easier
than running wpa_supplicant in the foreground and adding "&" at the end of the
code which invokes wpa_supplicant and distorting the wpa_supplicant exit
status $?.

Signed-off-by: Bima Hutama 
---
 package/network/services/hostapd/files/wpa_supplicant-full.config | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config 
b/package/network/services/hostapd/files/wpa_supplicant-full.config
index 7685606..b11fffa 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -379,7 +379,11 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
 CONFIG_IEEE80211R=y
 
 # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
+# By invoking "-f " we can enable write-debug-to-file without
+# running wpa_supplicant on foreground. It makes debugging easier than running
+# wpa_supplicant in foreground and add "&" at the end of the code which invokes
+# wpa_supplicant and distorting the wpa_supplicant exit status.
+CONFIG_DEBUG_FILE=y
 
 # Enable privilege separation (see README 'Privilege separation' for details)
 #CONFIG_PRIVSEP=y
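Review bot: the comment added above CONFIG_DEBUG_FILE=y says 'By invoking "-f " we can enable ...' without naming the file argument that follows -f, and the remaining lines are commit-message rationale rather than a description of the option. Keep the original one-line comment in the config file, name the argument in the commit message, and state there that the option is now on by default in every wpa_supplicant-full build, with the log path under /tmp as the existing comment gives it.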
-- 
2.1.4


[OpenWrt-Devel] [PATCH] wpa_supplicant: Enable 802.11n and 802.11ac Support

2016-06-04 Thread Bima Hutama
  -Changes:
1) Add CONFIG_IEEE80211N=y
2) Add CONFIG_IEEE80211AC=y

  -Description:
Enabling native support of 802.11n and 802.11ac standards in wpa_supplicant

Signed-off-by: Bima Hutama 
---
 package/network/services/hostapd/files/wpa_supplicant-full.config | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config 
b/package/network/services/hostapd/files/wpa_supplicant-full.config
index b11fffa..b0d1de3 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -414,3 +414,6 @@ CONFIG_NO_RANDOM_POOL=y
 NEED_80211_COMMON=y
 
 CONFIG_IBSS_RSN=y
+
+CONFIG_IEEE80211N=y
+CONFIG_IEEE80211AC=y
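Review bot: CONFIG_IEEE80211N=y and CONFIG_IEEE80211AC=y are appended at the end of the file with no comment, and the commit message does not say which wpa_supplicant mode is affected or how the change was tested. Add a one-line comment per option and describe in the commit message what works after the change that did not work before.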
-- 
2.1.4


[OpenWrt-Devel] [PATCH] wpa_supplicant: Enable Interworking (802.11u) Support

2016-06-04 Thread Bima Hutama
  -Change:
Add CONFIG_INTERWORKING=y

  -Description:
It enables functionality to improve interworking with external networks
(GAS/ANQP to learn more about the networks and network selection based on
available credentials).
This functionality was already enabled in hostapd build config, but not in
wpa_supplicant.
Enabling this for wpa_supplicant ensures compatibility with modern AP and
wpa_supplicant will obey advertised 802.11u standard from another
hostapd-openwrt-802.11u-enabled-AccessPoint. I will try to write a wiki for
it and make it configurable from uci.

Signed-off-by: Bima Hutama 
---
 package/network/services/hostapd/files/wpa_supplicant-full.config | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config 
b/package/network/services/hostapd/files/wpa_supplicant-full.config
index b0d1de3..e23ea4c 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -417,3 +417,9 @@ CONFIG_IBSS_RSN=y
 
 CONFIG_IEEE80211N=y
 CONFIG_IEEE80211AC=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+CONFIG_INTERWORKING=y
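Review bot: this hunk only switches on the build option CONFIG_INTERWORKING; nothing in it writes an Interworking setting into the generated wpa_supplicant configuration, so the commit message should limit its compatibility statement to what was actually tested and mark the uci integration it mentions as a follow-up patch. A note on the size impact for the wpa_supplicant-full build would also help the decision to enable it by default.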
-- 
2.1.4


[OpenWrt-Devel] [PATCH] hostapd/wpa_supplicant: Fix PMF_Cert_Programm (802.11w) stronger algorithm

2016-06-04 Thread Bima Hutama
  -Changed:
1) Moving variable ieee80211w within hostapd_set_bss_options() function to
   json_get_vars

2) Changes in netifd.sh (for wpa_supplicant):
2.1) Adding 2 AKMs (key_mgmt=WPA-PSK WPA-PSK-SHA256) if 802.11w=1
     (pmf_optional)
2.2) Adding 2 AKMs (key_mgmt=WPA-EAP WPA-EAP-SHA256) if 802.11w=1
     (pmf_optional)
2.3) Changing to 1 AKM (key_mgmt=WPA-PSK-SHA256) to support only
     WPA-PSK-SHA256 if 802.11w=2 (pmf_required)
2.4) Changing to 1 AKM (key_mgmt=WPA-EAP-SHA256) to support only
     WPA-EAP-SHA256 if 802.11w=2 (pmf_required)

3) Deleting json_get_var ieee80211w ieee80211w, as it was moved to
   json_get_vars

4) Changes in netifd.sh (for hostapd):
4.1) Adding 2 AKMs (wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256) if 802.11w=1
     (pmf_optional)
4.2) Adding 2 AKMs (wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256) if 802.11w=1
     (pmf_optional)
4.3) Changing to 1 AKM (wpa_key_mgmt=WPA-PSK-SHA256) to support only
     WPA-PSK-SHA256 if 802.11w=2 (pmf_required)
4.4) Changing to 1 AKM (wpa_key_mgmt=WPA-EAP-SHA256) to support only
     WPA-EAP-SHA256 if 802.11w=2 (pmf_required)

  -Description:
I tested 802.11w (Protected Management Frame) by setting it to required-mode
(ieee802.11w=2) and some clients which strictly obey the PMF Certification
Program will not connect to the AP (like Windows 10 with PMF enabled driver).
It is caused by hostapd not correctly implementing the standards of 802.11w
according to the PMF Certification Program. After I hacked it, it works
flawlessly and there is no more problem with Windows 10 clients.
According to:

https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

, with the search keyword "certification program", the PMF Certification
Program defines 2 AKMs for pmf-optional and only 1 AKM for pmf-required,
rather than only 1 AKM (WPA-PSK or WPA-EAP) for all situations.
This patch also automatically adds support for the stronger SHA-256-based
algorithm.

Signed-off-by: Bima Hutama 
---
 package/network/services/hostapd/files/netifd.sh | 51 +---
 1 file changed, 45 insertions(+), 6 deletions(-)

diff --git a/package/network/services/hostapd/files/netifd.sh 
b/package/network/services/hostapd/files/netifd.sh
index 005112d..21caaf8 100644
--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -186,7 +186,7 @@ hostapd_set_bss_options() {
wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
wps_device_type wps_device_name wps_manufacturer wps_pin \
macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
-   iapp_interface eapol_version
+   iapp_interface eapol_version ieee80211w
 
set_default isolate 0
set_default maxassoc 0
@@ -245,7 +245,17 @@ hostapd_set_bss_options() {
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" 
] && append bss_conf "eapol_version=$eapol_version" "$N"
 
wps_possible=1
-   append wpa_key_mgmt "WPA-PSK"
+   case "$ieee80211w" in
+   1)
+   append wpa_key_mgmt "WPA-PSK 
WPA-PSK-SHA256"
+   ;;
+   2)
+   append wpa_key_mgmt "WPA-PSK-SHA256"
+   ;;
+   *)
+   append wpa_key_mgmt "WPA-PSK"
+   ;;
+   esac
;;
eap)
json_get_vars \
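Review bot: with ieee80211w=2 the branch before eap) now offers only WPA-PSK-SHA256, so a client that supports management frame protection but not the SHA256 AKM can no longer associate once this is applied; that behaviour change for existing pmf-required configurations needs to be stated in the commit message. The same case block is repeated in the next hunk with WPA-EAP in place of WPA-PSK, so a small helper that takes the base AKM name and the ieee80211w value would keep the two branches from drifting apart.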
@@ -289,7 +299,17 @@ hostapd_set_bss_options() {
[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" 
"$N"
append bss_conf "eapol_key_index_workaround=1" "$N"
append bss_conf "ieee8021x=1" "$N"
-   append wpa_key_mgmt "WPA-EAP"
+   case "$ieee80211w" in
+   1)
+   append wpa_key_mgmt "WPA-EAP 
WPA-EAP-SHA256"
+   ;;
+   2)
+   append wpa_key_mgmt "WPA-EAP-SHA256"
+   ;;
+   *)
+   append wpa_key_mgmt "WPA-EAP"
+   ;;
+   esac
 
[ -n "$dynamic_vlan" ] && {
append bss_conf "dynamic_vlan=$dynamic_vlan" 
"$N"
@@ -408,7 +428,6 @@ hostapd_set_bss_options() {
[ "$auth_cache" = 0 ] && append bss_conf 
"disable_pmksa_caching=1" "$N"
 
# RSN -> allow management frame protection
-