[OpenWrt-Devel] [PATCH 7/7] hostapd: recognize 8021x as an authentication mode
From: Mathieu Olivari Currently, in order to configure the authentication daemon in 8021x mode, we need to set wireless.@wifi-iface[0].encryption="wpa" Though it works it confuses folks as 8021x is using WEP encryption and not WPA. Therefore the terminology itself is confusing. This change adds 8021x as a recognized string for 8021x authentication. Signed-off-by: Mathieu Olivari Signed-off-by: Luis R. Rodriguez --- package/network/services/hostapd/files/hostapd.sh |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 8e51fe7..1cd4283 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -93,7 +93,7 @@ hostapd_set_bss_options() { [ -n "$wpa_pair_rekey" ] && append "$var" "wpa_ptk_rekey=$wpa_pair_rekey""$N" [ -n "$wpa_master_rekey" ] && append "$var" "wpa_gmk_rekey=$wpa_master_rekey" "$N" ;; - *wpa*) + *wpa*|*8021x*) # required fields? formats? # hostapd is particular, maybe a default configuration for failures config_get auth_server "$vif" auth_server -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
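Review bot: In the `hostapd_set_bss_options()` hunk, adding `*8021x*` to the existing `*wpa*)` arm sends the new mode through exactly the same branch as WPA, while the commit message says 8021x here means WEP encryption and not WPA. Nothing visible in the hunk tells the two apart inside the arm, so either give 8021x its own arm or branch on `$enc` where the WPA-specific options are written. The new `encryption` value should also be documented next to the existing ones.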
[OpenWrt-Devel] [PATCH 5/7] hostapd: prompt user confirmation when WPS is used with hidden ssid
From: Mathieu Olivari This is required explicitly for WPS 2.0 testing. Signed-off-by: Mathieu Olivari Signed-off-by: Sujith Manoharan Signed-off-by: Luis R. Rodriguez --- package/network/services/hostapd/files/hostapd.sh | 11 +++ 1 file changed, 11 insertions(+) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index ce0f227..56e6eb0 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -190,6 +190,17 @@ hostapd_set_bss_options() { config_get config_methods "$vif" wps_config [ "$wps_pbc" -gt 0 ] && append config_methods push_button + # For WPS 2.0 testing, the testing requires this as a feature. + # If we're configured to enable WPS and we hide our SSID, then + # we have to require an "explicit user operation to continue" + config_get_bool hidden "$vif" hidden 0 + [ -n "$wps_possible" -a -n "$config_methods" -a "$hidden" -gt 0 ] && { + echo "Hidden SSID is enabled on \"$ifname\", WPS will be automatically disabled" + echo "Please press any key to continue." + read -s -n 1 + wps_possible= + } + [ -n "$wps_possible" -a -n "$config_methods" ] && { config_get device_type "$vif" wps_device_type "6-0050F204-1" config_get device_name "$vif" wps_device_name "OpenWrt AP" -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
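Review bot: The added `read -s -n 1` in `hostapd_set_bss_options()` blocks configuration generation until a key is pressed, which will hang whenever the script runs without a terminal, for example at boot. The two `echo` lines already state that WPS will be disabled automatically, so clearing `wps_possible` and logging the warning is enough; drop the prompt or put it behind a test-only option. The `-a` chain inside `[ ... ]` would also be more robust as separate tests joined with `&&`.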
[OpenWrt-Devel] [PATCH 6/7] hostapd: add external registrar support
From: Mathieu Olivari Setting wireless.@wifi-iface[N].ext_registrar=1 will enable UPNP advertising and add an external registrar to the interface this vif belongs to (br-lan if the vif is included in the LAN bridge). By enabling this we append upnp_iface=xxx to the hostapd config file. Signed-off-by: Sujith Manoharan Signed-off-by: Mathieu Olivari Signed-off-by: Luis R. Rodriguez --- package/network/services/hostapd/files/hostapd.sh |3 +++ 1 file changed, 3 insertions(+) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 56e6eb0..8e51fe7 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -207,6 +207,9 @@ hostapd_set_bss_options() { config_get manufacturer "$vif" wps_manufacturer "openwrt.org" config_get wps_pin "$vif" wps_pin "12345670" + config_get_bool ext_registrar "$vif" ext_registrar 0 + [ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append "$var" "upnp_iface=$bridge" "$N" + append "$var" "eap_server=1" "$N" append "$var" "ap_pin=$wps_pin" "$N" append "$var" "wps_state=${wps_not_configured:-2}" "$N" -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
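Review bot: When `ext_registrar` is 1 but `$bridge` is empty, the new test `[ "$ext_registrar" -gt 0 -a -n "$bridge" ]` silently does nothing, so a user who enabled the option on a non-bridged vif gets no UPnP advertising and no hint why; emit a warning in that case. `upnp_iface` is only understood by a hostapd built with `CONFIG_WPS_UPNP`, which the hostapd-full.config hunk in patch 4/7 still leaves commented out, so the two patches need to agree. Since the new line sits directly below the `wps_pin` default of "12345670", it is worth requiring a user-set PIN before the registrar interface is exposed on the bridge.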
[OpenWrt-Devel] [PATCH 4/7] hostapd: enable WPS2 support on hostapd-full.config
From: Sujith Manoharan Enable CONFIG_WPS2 for hostapd. This is required to support options like Virtual Push Button in WPS. Signed-off-by: Sujith Manoharan Signed-off-by: Luis R. Rodriguez --- package/network/services/hostapd/files/hostapd-full.config |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config index c88fedd..ae0c7cc 100644 --- a/package/network/services/hostapd/files/hostapd-full.config +++ b/package/network/services/hostapd/files/hostapd-full.config @@ -107,7 +107,8 @@ CONFIG_EAP_TTLS=y #CONFIG_EAP_FAST=y # Wi-Fi Protected Setup (WPS) -#CONFIG_WPS=y +CONFIG_WPS=y +CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars #CONFIG_WPS_UPNP=y -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
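Review bot: The hunk uncomments `CONFIG_WPS=y` as well as adding `CONFIG_WPS2=y`, but the commit message only mentions WPS2; turning WPS on for every hostapd-full build is the larger change and should be stated and justified in the message. `#CONFIG_WPS_UPNP=y` stays disabled in the trailing context, so the `upnp_iface` line that patch 6/7 writes will not be usable with this config; either enable it here or say why it is left out.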
[OpenWrt-Devel] [PATCH 1/7] hostapd: Add eap_reauth_period config option
From: Mathieu Olivari This adds the eap_reauth_period to be used for modifying the RADIUS server reauthentication authentication period, a parameter that gets passed directly to the hostapd configuration file. Signed-off-by: Mathieu Olivari Signed-off-by: Luis R. Rodriguez --- package/network/services/hostapd/files/hostapd.sh |2 ++ 1 file changed, 2 insertions(+) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index e25e870..0f1a619 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -108,6 +108,8 @@ hostapd_set_bss_options() { [ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N" config_get acct_secret "$vif" acct_secret [ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N" + config_get eap_reauth_period "$vif" eap_reauth_period + [ -n "$eap_reauth_period" ] && append "$var" "eap_reauth_period=$eap_reauth_period" "$N" config_get dae_client "$vif" dae_client config_get dae_secret "$vif" dae_secret [ -n "$dae_client" -a -n "$dae_secret" ] && { -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
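Review bot: `eap_reauth_period` is copied from UCI into the hostapd configuration without any check that it is a number, so a typo in the UCI value ends up as an invalid line in the generated file. Validate it as a non-negative integer before the `append`, and state the unit and the meaning of 0 in the commit message or the option documentation.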
[OpenWrt-Devel] [PATCH 2/7] hostapd: Add WPS unconfigured & WPS pin method support
From: Mathieu Olivari Signed-off-by: Mathieu Olivari Signed-off-by: Luis R. Rodriguez --- package/network/services/hostapd/files/hostapd.sh | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 0f1a619..aace21c 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -3,7 +3,7 @@ hostapd_set_bss_options() { local vif="$2" local enc wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wps_possible - config_get enc "$vif" encryption + config_get enc "$vif" encryption "none" config_get wep_rekey"$vif" wep_rekey# 300 config_get wpa_group_rekey "$vif" wpa_group_rekey # 300 config_get wpa_pair_rekey "$vif" wpa_pair_rekey # 300 @@ -73,6 +73,14 @@ hostapd_set_bss_options() { # use crypto/auth settings for building the hostapd config case "$enc" in + none) + wps_possible=1 + wpa=0 + crypto= + # Here we make the assumption that if we're in open mode + # with WPS enabled, we got to be in unconfigured state. + wps_not_configured=1 + ;; *psk*) config_get psk "$vif" key if [ ${#psk} -eq 64 ]; then 
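Review bot: `wps_not_configured=1` in the new `none)` arm is not declared `local`: the `local` line visible in the first hunk's context lists `wps_possible` but not `wps_not_configured`, so unless it is declared further down, the value set for an open vif can carry over into the next call of `hostapd_set_bss_options()` and give a secured vif `wps_state=1`. Add it to the `local` list. The new `"none"` default for `encryption` combined with `wps_possible=1` also means a vif that simply omits the option becomes WPS-capable in unconfigured state; please confirm that is intended, and give the commit a description, since the message body is empty.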
@@ -182,10 +190,12 @@ hostapd_set_bss_options() { config_get device_type "$vif" wps_device_type "6-0050F204-1" config_get device_name "$vif" wps_device_name "OpenWrt AP" config_get manufacturer "$vif" wps_manufacturer "openwrt.org" + config_get wps_pin "$vif" wps_pin "12345670" append "$var" "eap_server=1" "$N" - append "$var" "wps_state=2" "$N" - append "$var" "ap_setup_locked=1" "$N" + append "$var" "ap_pin=$wps_pin" "$N" + append "$var" "wps_state=${wps_not_configured:-2}" "$N" + append "$var" "ap_setup_locked=0" "$N" append "$var" "device_type=$device_type" "$N" append "$var" "device_name=$device_name" "$N" append "$var" "manufacturer=$manufacturer" "$N" -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
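Review bot: The default of "12345670" for `wps_pin`, together with the change of `ap_setup_locked` from 1 to 0, leaves any AP whose owner never sets `wps_pin` open to external registrars using a publicly known PIN. Drop the default, write `ap_pin` only when `wps_pin` is set, and keep `ap_setup_locked=1` otherwise. `wps_pin` should also be added to the function's `local` declarations.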
[OpenWrt-Devel] [PATCH 3/7] hostapd: fix hostapd RSN preauthentication PMKSA caching
From: "Luis R. Rodriguez"

In 2009 OpenWrt's hostapd config added an "auth_cache" boolean to be used to address a reported issue #12129 [0] on a forum [1]. The reported issue on the ticket is different than the one described on the forum. The commit was r33359. This change broke proper RSN preauthentication [2] [3] [4] expectations on hostapd's configuration for WPA2 and this in turn disabled PMKSA caching and Opportunistic Key Caching.

This change:

* Leaves the "auth_cache" to be used only for WPA networks for those looking to use this as a workaround to a reported issue but annotates a warning over its usage.
* Separates "auth_cache" from WPA2 RSN preauthentication, leaving WPA2 RSN preauthentication to be enabled only with "rsn_preauth" with the expected and recommended settings.
* Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to be used when evaluating functionality for WPA2 RSN preauthentication with the expected and recommended settings, with the only difference so far from what should be enabled by default being to disable Opportunistic Key Caching.

Disabling the PMKSA cache should mean the STA could not roam off and back onto the AP that had PMKSA caching disabled and would require a full authentication cycle. This fixes this for WPA2 networks with RSN preauthentication enabled. This change should be applied to AA as well as trunk.

TL;DR:

The issue described on the forum has to do with failure of a STA being able to try to authenticate again with the AP if it failed its first try. This may have been an issue with hostapd in 2009 but as per some tests I cannot reproduce this today on a WPA2 network. The issue described on the ticket alludes to a security issue with the design of using a RADIUS server to authenticate to an AP.

The issue vaguely alludes to the circumstances of zapping a user, deleting their authentication credentials to log in to the network, and that if RSN preauthentication is enabled with PMKSA caching that the user that was zapped would still be able to authenticate. Let's treat these as separate issues. I cannot reproduce the first issue reported on the forums of not being able to authenticate anymore on a WPA2 network. The issue reported on the ticket modified WPA2 RSN preauthentication by adding two fields to the hostapd configuration if auth_cache was enabled:

* disable_pmksa_caching=1
* okc=0

The first one disables PMKSA authentication cache. The second one disables Opportunistic Key Caching. The issue reported on the ticket was fixed by implementing a workaround in hostapd's configuration.

Disabling PMKSA caching breaks proper use of WPA2 RSN preauthentication. The usage of disable_pmksa_caching=1 prevents hostapd from adding PMKSA entries into its cache when a successful 802.1x authentication occurs. In practice RSN preauthentication would trigger a STA to perform authentication with other APs on the same SSID, it would then have its own supplicant PMKSA cache held. If a STA roams from one AP to another no new authentication would need to be performed as the new AP would already have authenticated the STA. The purpose of the PMKSA cache on the AP side would be for the AP to use the same PMKID for a STA when the STA roams off onto another BSSID and later comes back to it.

Disabling Opportunistic Key Caching could help the reported issue as well but it's not the correct place to address this. Opportunistic Key Caching enables an AP with different interfaces to share the PMKSA cache. It's a technical enhancement and disabling it would be useful to let a testing suite properly test for RSN preauthentication given that otherwise Opportunistic Key Caching would enable an interface being tested to derive its own PMKSA entry. In production though okc=1 should be enabled to help with RSN preauthentication.

The real fix for this particular issue is outside of the scope of hostapd's configuration and it should not be dealt with as a workaround to its configuration and breaking expected RSN preauthentication and technical optimizations. Revert this change and enable users to pick and choose to enable or disable disable_pmksa_caching and okc, expecting them to instead have read more clearly what these do.

As for the core issue reported, the correct place to fix this is to enable a sort of messaging between the RADIUS server and its peers so that if caching for authentication is enabled that cache can be cleared upon user credential updates. Updating a user password (not just zapping a user) is another possible issue that would need to be resolved here. Another part of the solution might be to reduce the cache timing to account for any systematic limitations (RADIUS server not able to ask peers to clear cache might be one).

[0] https://dev.openwrt.org/changeset/33359
[1] https://forum.openwrt.org/viewtopic.php?id=19596
[2] http://
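An added example, not part of the original message or of OpenWrt's hostapd.sh: a shell audit that reads a generated hostapd configuration and flags, per BSS, the combinations this series discusses, namely `rsn_preauth=1` together with `disable_pmksa_caching=1` or without `okc=1`, and the default `ap_pin` 12345670 with `ap_setup_locked` not set to 1. The function names, finding labels and sample configuration are constructed for illustration, and an absent `okc` is treated as 0, which is hostapd's default.

```shell
#!/bin/sh
# Added example: audit a generated hostapd configuration, one finding per BSS.
# Finding labels and the sample configuration are constructed for illustration.

# audit_hostapd_conf [FILE]
# Reads FILE (or stdin) and prints "<bss> <finding>" lines:
#   preauth-without-pmksa-cache  rsn_preauth=1 with disable_pmksa_caching=1
#   preauth-without-okc          rsn_preauth=1 without okc=1 (an absent okc is
#                                treated as 0, the hostapd default)
#   default-wps-pin-unlocked     WPS on, ap_pin=12345670, ap_setup_locked != 1
audit_hostapd_conf() {
    awk '
    # Evaluate the options collected for the current BSS, then reset them.
    function flush() {
        if (bss != "") {
            if (v["rsn_preauth"] + 0 == 1) {
                if (v["disable_pmksa_caching"] + 0 == 1)
                    print bss, "preauth-without-pmksa-cache"
                if (v["okc"] + 0 != 1)
                    print bss, "preauth-without-okc"
            }
            if (v["wps_state"] + 0 > 0 && v["ap_pin"] == "12345670" &&
                v["ap_setup_locked"] + 0 != 1)
                print bss, "default-wps-pin-unlocked"
        }
        split("", v)
    }
    /^[ \t]*(#|$)/ { next }            # comments and blank lines
    index($0, "=") == 0 { next }       # not a key=value line
    {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        sub(/[ \t\r]+$/, "", val)
        # interface= opens the first BSS, each bss= line opens another one.
        if (key == "interface" || key == "bss") { flush(); bss = val; next }
        v[key] = val
    }
    END { flush() }
    ' "${1:--}"
}

# Constructed sample: three BSSs on one radio.
#   wlan0    preauthentication with the PMKSA cache and OKC both turned off
#   wlan0-1  preauthentication with the recommended settings
#   wlan0-2  WPS with the default PIN and the AP setup lock released
sample_hostapd_conf() {
    cat <<'EOF'
driver=nl80211
interface=wlan0
ssid=corp
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_preauth=1
rsn_preauth_interfaces=br-lan
disable_pmksa_caching=1
okc=0
bss=wlan0-1
ssid=corp-roam
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_preauth=1
rsn_preauth_interfaces=br-lan
okc=1
bss=wlan0-2
ssid=guest
wps_state=2
ap_pin=12345670
ap_setup_locked=0
EOF
}

# Demonstration run on the constructed sample.
sample_hostapd_conf | audit_hostapd_conf
```

Pass the path of a generated configuration file as the first argument to audit a real access point instead of the sample.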
[OpenWrt-Devel] [PATCH 0/7] hostapd: series of hostapd fixes
From: "Luis R. Rodriguez"

Here's a series of hostapd fixes that have helped pass both 802.11n and WPS testing.

Luis R. Rodriguez (1):
  hostapd: fix hostapd RSN preauthentication PMKSA caching

Mathieu Olivari (5):
  hostapd: Add eap_reauth_period config option
  hostapd: Add WPS unconfigured & WPS pin method support
  hostapd: prompt user confirmation when WPS is used with hidden ssid
  hostapd: add external registrar support
  hostapd: recognize 8021x as an authentication mode

Sujith Manoharan (1):
  hostapd: enable WPS2 support on hostapd-full.config

 .../services/hostapd/files/hostapd-full.config |3 +-
 package/network/services/hostapd/files/hostapd.sh | 59 +---
 2 files changed, 53 insertions(+), 9 deletions(-)

--
1.7.10.4
Re: [OpenWrt-Devel] [PATCH] packages: enable ip on busybox
On Fri, Sep 6, 2013 at 12:39 PM, Luis R. Rodriguez wrote:
> From: "Luis R. Rodriguez"
>
> iw is to iwconfig as
> ip is to ifconfig
>
> As with iwconfig, ifconfig is deprecated, promote usage of ip
> using netlink.
>
> Signed-off-by: Luis R. Rodriguez

Actually perhaps it's best to enable iproute2 package instead.

Luis
[OpenWrt-Devel] [PATCH] packages: enable ip on busybox
From: "Luis R. Rodriguez" iw is to iwconfig as ip is to ifconfig As with iwconfig, ifconfig is deprecated, promote usage of ip using netlink. Signed-off-by: Luis R. Rodriguez --- package/utils/busybox/config/networking/Config.in | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package/utils/busybox/config/networking/Config.in b/package/utils/busybox/config/networking/Config.in index 442eb03..d8f4351 100644 --- a/package/utils/busybox/config/networking/Config.in +++ b/package/utils/busybox/config/networking/Config.in @@ -591,7 +591,7 @@ config BUSYBOX_CONFIG_FEATURE_INETD_RPC config BUSYBOX_CONFIG_IP bool "ip" - default n + default y select BUSYBOX_CONFIG_PLATFORM_LINUX help The "ip" applet is a TCP/IP interface configuration and routing @@ -600,35 +600,35 @@ config BUSYBOX_CONFIG_IP config BUSYBOX_CONFIG_FEATURE_IP_ADDRESS bool "ip address" - default n + default y depends on BUSYBOX_CONFIG_IP help Address manipulation support for the "ip" applet. config BUSYBOX_CONFIG_FEATURE_IP_LINK bool "ip link" - default n + default y depends on BUSYBOX_CONFIG_IP help Configure network devices with "ip". config BUSYBOX_CONFIG_FEATURE_IP_ROUTE bool "ip route" - default n + default y depends on BUSYBOX_CONFIG_IP help Add support for routing table management to "ip". config BUSYBOX_CONFIG_FEATURE_IP_TUNNEL bool "ip tunnel" - default n + default y depends on BUSYBOX_CONFIG_IP help Add support for tunneling commands to "ip". config BUSYBOX_CONFIG_FEATURE_IP_RULE bool "ip rule" - default n + default y depends on BUSYBOX_CONFIG_IP help Add support for rule commands to "ip". -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
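Review bot: All six options are switched to `default y`, including `ip tunnel` and `ip rule`, which the commit message does not argue for; it only makes the case for `ip` as the replacement for `ifconfig`. Consider enabling `BUSYBOX_CONFIG_IP` with address, link and route only, leaving tunnel and rule at `default n`, and state the image size cost in the message.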
Re: [OpenWrt-Devel] [PATCH] mac80211: make package depend on readlink requirements
On Thu, Sep 5, 2013 at 2:46 AM, Felix Fietkau wrote:
> On 2013-09-04 7:37 PM, Luis R. Rodriguez wrote:
>> On Thu, Aug 29, 2013 at 06:12:02PM +0200, Felix Fietkau wrote:
>>> On 2013-08-28 10:30 PM, Luis R. Rodriguez wrote:
>>> > From: "Luis R. Rodriguez"
>>> >
>>> > The mac80211.sh script uses readlink -f which requires
>>> >
>>> > CONFIG_BUSYBOX_CONFIG_READLINK
>>> > CONFIG_BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW
>>> >
>>> > Without these wifi detect will fail and users end up
>>> > puzzled with error messages such as:
>>> >
>>> > PHY for wifi device radio0 not found
>>> >
>>> > This is due to the fact that without these options
>>> > mac80211.sh readlink -f command will fail and not
>>> > assign the appropriate phy for the devices. This
>>> > fixes initial configuration with OpenWrt with the
>>> > as 'wifi detect > /etc/config/wireless' depends on
>>> > mac80211.sh.
>>> >
>>> > Cc: Kalle Valo
>>> > Cc: Kathy Giori
>>> > Cc: Mathieu Olivari
>>> > Cc: Jerome Proffit
>>> > Cc: Sujith Manoharan
>>> > Cc: Matthew McClintock
>>> > Signed-off-by: Luis R. Rodriguez
>>> NACK. readlink is enabled by default in the busybox config, and it's
>>> needed by other things as well, including base-files (rc.common).
>>> Adding these dependencies to the mac80211 package thus seems a bit
>>> arbitrary and out of place.
>>> I think at some point it probably makes sense to remove the top-level
>>> busybox menuconfig integration and treat its configuration more like
>>> kernel_menuconfig.
>>
>> Does it also enable by default BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW ?
>> At least on AA it does not seem like so.
> I just fixed that, as of r37896 it gets enabled by default.

Thanks, odd though I don't see that on the git tree [0], I see r37897 and r37895 but not r37896. Is this in another tree perhaps?

git://nbd.name/openwrt.git

Luis
[OpenWrt-Devel] [PATCH] base-files: add color to PS1
From: "Luis R. Rodriguez" Signed-off-by: Luis R. Rodriguez --- package/base-files/files/etc/profile |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/base-files/files/etc/profile b/package/base-files/files/etc/profile index e9a7119..7caabf1 100644 --- a/package/base-files/files/etc/profile +++ b/package/base-files/files/etc/profile @@ -4,7 +4,7 @@ export PATH=/usr/bin:/usr/sbin:/bin:/sbin export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6) export HOME=${HOME:-/root} -export PS1='\u@\h:\w\$ ' +export PS1="\[\033[01;31m\]\u@\[\033[01;33m\]\h\[\033[01;34m\] \w \[\033[31m\]\\[\033[00m\]#\[\033[00m\] " [ -x /bin/more ] || alias more=less [ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
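Review bot: The new `PS1` ends in a literal `#` where the old one had `\$`, so a non-root login would also be shown the root prompt character; keep `\$`, escaped as needed now that the string is double-quoted. The sequence `\[\033[31m\]\\[\033[00m\]` sets a colour and resets it immediately with nothing in between and can be dropped. The commit has no description; it should say why a coloured prompt is wanted as the default.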
[OpenWrt-Devel] [PATCH] mac80211: make package depend on readlink requirements
From: "Luis R. Rodriguez" The mac80211.sh script uses readlink -f which requires CONFIG_BUSYBOX_CONFIG_READLINK CONFIG_BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW Without these wifi detect will fail and users end up puzzled with error messages such as: PHY for wifi device radio0 not found This is due to the fact that without these options mac80211.sh readlink -f command will fail and not assign the appropriate phy for the devices. This fixes initial configuration with OpenWrt with the as 'wifi detect > /etc/config/wireless' depends on mac80211.sh. Cc: Kalle Valo Cc: Kathy Giori Cc: Mathieu Olivari Cc: Jerome Proffit Cc: Sujith Manoharan Cc: Matthew McClintock Signed-off-by: Luis R. Rodriguez --- package/kernel/mac80211/Makefile |2 ++ 1 file changed, 2 insertions(+) diff --git a/package/kernel/mac80211/Makefile b/package/kernel/mac80211/Makefile index 6f25413..bf03f56 100644 --- a/package/kernel/mac80211/Makefile +++ b/package/kernel/mac80211/Makefile @@ -56,12 +56,14 @@ define KernelPackage/mac80211/Default URL:=http://linuxwireless.org/ MAINTAINER:=Felix Fietkau DEPENDS:=@(!(TARGET_avr32||TARGET_ps3||TARGET_pxcab)||BROKEN) + DEPENDS+= +@BUSYBOX_CONFIG_READLINK +@BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW endef define KernelPackage/cfg80211 $(call KernelPackage/mac80211/Default) TITLE:=cfg80211 - wireless configuration API DEPENDS+= +iw + DEPENDS+= +@BUSYBOX_CONFIG_READLINK +@BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW FILES:= \ $(PKG_BUILD_DIR)/compat/compat.ko \ $(PKG_BUILD_DIR)/net/wireless/cfg80211.ko -- 1.7.10.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
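Review bot: The same `DEPENDS+=` line is added to both `KernelPackage/mac80211/Default` and `KernelPackage/cfg80211`, but cfg80211 already pulls in the Default block through `$(call KernelPackage/mac80211/Default)`, so the second copy is redundant. Keep the dependency in one place.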
[OpenWrt-Devel] [PATCH] ath10k: enable Atheros 802.11ac driver
From: "Luis R. Rodriguez" This enables usage of the ath10k driver on OpenWrt. Only 2.0 PCI hardware is supported. The ath10k firmware is currently only available through github so use that as its source for now. This goes build tested, not run time tested. Cc: ath...@lists.infradead.org Cc: Kalle Valo Cc: Kathy Giori Cc: Mathieu Olivari Cc: Jerome Proffit Cc: Sujith Manoharan Cc: Matthew McClintock Signed-off-by: Luis R. Rodriguez --- package/kernel/mac80211/Makefile | 52 +- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/package/kernel/mac80211/Makefile b/package/kernel/mac80211/Makefile index 5bef361..65c7eb3 100644 --- a/package/kernel/mac80211/Makefile +++ b/package/kernel/mac80211/Makefile @@ -27,7 +27,7 @@ PKG_DRIVERS = \ rt2x00-lib rt2x00-pci rt2x00-usb rt2x00-soc rt2800-lib rt2400-pci \ rt2500-pci rt2500-usb rt61-pci rt73-usb rt2800-pci rt2800-usb \ rtl8180 rtl8187 zd1211rw mac80211-hwsim carl9170 b43 b43legacy \ - ath9k-common ath9k ath9k-htc ath net-libipw net-ipw2100 net-ipw2200 \ + ath9k-common ath9k ath9k-htc ath10k ath net-libipw net-ipw2100 net-ipw2200 \ mwl8k net-hermes net-hermes-pci net-hermes-plx net-hermes-pcmcia \ iwl-legacy iwl3945 iwl4965 iwlagn wl12xx lib80211 \ rtlwifi rtlwifi-pci rtlwifi-usb rtl8192c-common rtl8192ce rtl8192se \ 
@@ -125,6 +125,24 @@ define Download/linux-firmware endef $(eval $(call Download,linux-firmware)) +PKG_ATH10K_LINUX_FIRMWARE_NAME:=ath10k-firmware +PKG_ATH10K_LINUX_FIRMWARE_VERSION:=9374d42c01bd84487855af9f9bffc622c50e7331 +PKG_ATH10K_LINUX_FIRMWARE_SOURCE:=$(PKG_ATH10K_LINUX_FIRMWARE_NAME)-$(PKG_ATH10K_LINUX_FIRMWARE_VERSION).tar.bz2 +PKG_ATH10K_LINUX_FIRMWARE_PROTO:=git +PKG_ATH10K_LINUX_FIRMWARE_SOURCE_URL:=https://github.com/kvalo/ath10k-firmware.git +PKG_ATH10K_LINUX_FIRMWARE_SUBDIR:=$(PKG_ATH10K_LINUX_FIRMWARE_NAME)-$(PKG_ATH10K_LINUX_FIRMWARE_VERSION) +#PKG_ATH10K_LINUX_FIRMWARE_MIRROR_MD5SUM:=? + +define Download/ath10k-firmware + FILE:=$(PKG_ATH10K_LINUX_FIRMWARE_SOURCE) + URL:=$(PKG_ATH10K_LINUX_FIRMWARE_SOURCE_URL) + PROTO:=$(PKG_ATH10K_LINUX_FIRMWARE_PROTO) + VERSION:=$(PKG_ATH10K_LINUX_FIRMWARE_VERSION) + SUBDIR:=$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR) + #MIRROR_MD5SUM:=$(PKG_ATH10K_LINUX_FIRMWARE_MIRROR_MD5SUM) +endef +$(eval $(call Download,ath10k-firmware)) + # Prism54 drivers P54PCIFW:=2.13.12.0.arm P54USBFW:=2.13.24.0.lm87.arm @@ -566,6 +584,23 @@ This module adds support for wireless adapters based on Atheros USB AR9271 and AR7010 family of chipsets. endef +define KernelPackage/ath10k + $(call KernelPackage/mac80211/Default) + TITLE:=Atheros 802.11ac wireless cards support + URL:=http://wireless.kernel.org/en/users/Drivers/ath10k + DEPENDS+= @PCI_SUPPORT +kmod-ath + FILES:= \ + $(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_core.ko \ + $(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_pci.ko + AUTOLOAD:=$(call AutoLoad,55,ath10k) +endef + +define KernelPackage/ath10k/description +This module adds support for wireless adapters based on +Atheros IEEE 802.11ac family of chipsets. For now only +PCI is supported. +endef + define KernelPackage/carl9170 $(call KernelPackage/mac80211/Default) TITLE:=Driver for Atheros AR9170 USB sticks 
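Review bot: `PKG_ATH10K_LINUX_FIRMWARE_MIRROR_MD5SUM` is left commented out with a `?` placeholder, and the matching `MIRROR_MD5SUM` line in `Download/ath10k-firmware` is commented out as well, so a firmware tarball served from a mirror is accepted without a checksum; only the git fetch is pinned, by the commit id in `PKG_ATH10K_LINUX_FIRMWARE_VERSION`. Fill in the checksum once the tarball exists rather than merging the placeholder.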
@@ -1314,6 +1349,7 @@ config-$(CONFIG_PCI) += ATH9K_PCI config-$(CONFIG_ATH_USER_REGD) += ATH_USER_REGD config-$(call config_package,ath9k-htc) += ATH9K_HTC +config-$(call config_package,ath10k) += ATH10K ATH10K_PCI ATH10K_DEBUG ATH10K_DEBUGFS config-$(call config_package,ath5k) += ATH5K ifdef CONFIG_TARGET_atheros @@ -1437,6 +1473,7 @@ define Build/Prepare $(TAR) -C $(PKG_BUILD_DIR) -xzf $(DL_DIR)/$(IPW2200_NAME)-$(IPW2200_VERSION).tgz $(TAR) -C $(PKG_BUILD_DIR) -xjf $(DL_DIR)/$(ZD1211FW_NAME)-$(ZD1211FW_VERSION).tar.bz2 $(TAR) -C $(PKG_BUILD_DIR) -xjf $(DL_DIR)/$(PKG_LINUX_FIRMWARE_SOURCE) + $(TAR) -C $(PKG_BUILD_DIR) -xjf $(DL_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SOURCE) rm -rf \ $(PKG_BUILD_DIR)/include/linux/ssb \ $(PKG_BUILD_DIR)/include/linux/bcma \ @@ -1576,6 +1613,18 @@ define KernelPackage/ath9k-htc/install $(1)/lib/firmware/ endef +define KernelPackage/ath10k/install + $(INSTALL_DIR) $(1)/lib/firmware + $(INSTALL_DIR) $(1)/lib/firmware/ath10k + $(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA988X + $(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA988X/hw2.0 + $(INSTALL_DATA) \ + $(PKG_BUILD_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR)/ath10k/QCA988X/hw2.0/board.bin \ + $(PKG_BUILD_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR)/ath10k/QCA988X/hw2.0/firmware.bin \ + $(PKG_BUILD_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR)/ath10k/QCA988X/hw2.0/otp.bin \ + $(1)/lib/firmware/ath10k/QCA988X/hw2.0/ +endef + define KernelPackage/mwl8k/install $(INSTAL
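Review bot: `ATH10K_DEBUG` and `ATH10K_DEBUGFS` are enabled unconditionally on the `config-$(call config_package,ath10k)` line; gate them on a debug config symbol, the way `ATH_USER_REGD` is gated on `CONFIG_ATH_USER_REGD` just above, so release images do not ship the driver's debug interfaces. In `KernelPackage/ath10k/install`, a single `$(INSTALL_DIR)` of the deepest path is enough, since it creates the parent directories.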
[OpenWrt-Devel] OpenWrt documentation scripts - openwrt-doc-scripts
I've been reviewing the OpenWrt documentation on the wiki and figured the releases could use some documentation love as well as packages documentation that get integrated into each release. I've started with the Attitude Adjustment AA-12.09-beta2 release and have come up with a set of scripts designed to help with documentation [0] be automatically generated. Please review the code [0] and results [1] and let me know what you think.

Given that opkg [2] was designed to produce smaller package files than Debian does I've extracted documentation for each package from the original AA release Packages file [3]. For now I've run 'opkg list-installed' against a DB120 and AP136 reference design board running the AA-12.09-beta2 image [4] and noticed they both have the same set of packages installed. To help parse the Packages file I'm using deb822 module from the python-debian [5] package.

It's not the greatest but it's *something* that I think we can start off with. One convenient thing it does to the average developer browsing is spit out the delta between the upstream package and refers to those files. There are a few enhancements that this could use but for that I think it's best to get feedback at this point and work and collaborate together. To enhance this further I figure we could extract even more information from Kconfig as well but that itself is a project alone and requires some thought as to whether or not perhaps we want to throw more into Packages instead and have Kconfig parse the package documentation for us there.

It would also be good if the script would just write onto the wiki itself, right now I had to add each page manually. If we can configure MoinMoin to just let us have some wiki content on some files then those could be read and we could then just read the files which would be generated through some cronjob script.

Just an initial shot, let me know what you guys think.

[0] http://wiki.openwrt.org/doc/devel/packages/doc-scripts
[1] http://wiki.openwrt.org/doc/devel/packages/list
[2] http://wiki.openwrt.org/doc/devel/packages/opkg
[3] http://downloads.openwrt.org/attitude_adjustment/12.09-beta2/ar71xx/generic/packages/Packages
[4] http://downloads.openwrt.org/attitude_adjustment/12.09-beta2/ar71xx/generic/
[5] http://packages.debian.org/sid/python-debian

Luis