[OpenWrt-Devel] [PATCH 7/7] hostapd: recognize 8021x as an authentication mode

2013-09-09 Thread Luis R. Rodriguez
From: Mathieu Olivari 

Currently, in order to configure the authentication daemon in
8021x mode, we need to set wireless.@wifi-iface[0].encryption="wpa"
Though it works it confuses folks as 8021x is using WEP
encryption and not WPA. Therefore the terminology itself is
confusing. This change adds 8021x as a recognized string for 8021x
authentication.

Signed-off-by: Mathieu Olivari 
Signed-off-by: Luis R. Rodriguez 
---
 package/network/services/hostapd/files/hostapd.sh |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh 
b/package/network/services/hostapd/files/hostapd.sh
index 8e51fe7..1cd4283 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -93,7 +93,7 @@ hostapd_set_bss_options() {
[ -n "$wpa_pair_rekey"   ] && append "$var" 
"wpa_ptk_rekey=$wpa_pair_rekey""$N"
[ -n "$wpa_master_rekey" ] && append "$var" 
"wpa_gmk_rekey=$wpa_master_rekey"  "$N"
;;
-   *wpa*)
+   *wpa*|*8021x*)
# required fields? formats?
# hostapd is particular, maybe a default configuration 
for failures
config_get auth_server "$vif" auth_server
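
Review bot: The new `*8021x*` alternative on the case label sends 8021x into the same arm as `*wpa*`, while the commit message says 8021x uses WEP encryption and not WPA. If the arm emits any WPA-specific options, they now apply to 8021x too; either give 8021x its own arm or state in the commit message that everything emitted here is valid for both. The pattern is also a substring match, so any encryption value containing 8021x is accepted; the accepted strings should be documented next to the option.
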
-- 
1.7.10.4
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] [PATCH 5/7] hostapd: prompt user confirmation when WPS is used with hidden ssid

2013-09-09 Thread Luis R. Rodriguez
From: Mathieu Olivari 

This is required explicitly for WPS 2.0 testing.

Signed-off-by: Mathieu Olivari 
Signed-off-by: Sujith Manoharan 
Signed-off-by: Luis R. Rodriguez 
---
 package/network/services/hostapd/files/hostapd.sh |   11 +++
 1 file changed, 11 insertions(+)

diff --git a/package/network/services/hostapd/files/hostapd.sh 
b/package/network/services/hostapd/files/hostapd.sh
index ce0f227..56e6eb0 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -190,6 +190,17 @@ hostapd_set_bss_options() {
config_get config_methods "$vif" wps_config
[ "$wps_pbc" -gt 0 ] && append config_methods push_button
 
+   # For WPS 2.0 testing, the testing requires this as a feature.
+   # If we're configured to enable WPS and we hide our SSID, then
+   # we have to require an "explicit user operation to continue"
+   config_get_bool hidden "$vif" hidden 0
+   [ -n "$wps_possible" -a -n "$config_methods" -a "$hidden" -gt 0 ] && {
+   echo "Hidden SSID is enabled on \"$ifname\", WPS will be 
automatically disabled"
+   echo "Please press any key to continue."
+   read -s -n 1
+   wps_possible=
+   }
+
[ -n "$wps_possible" -a -n "$config_methods" ] && {
config_get device_type "$vif" wps_device_type "6-0050F204-1"
config_get device_name "$vif" wps_device_name "OpenWrt AP"
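
Review bot: The `read -s -n 1` in the new block stops hostapd_set_bss_options until a key is pressed, which stalls any non-interactive run of the script. Guard the prompt with a terminal check such as `[ -t 0 ]`, or put it behind a testing-only option, and in every other case just log the message and clear wps_possible. The message is also written with echo to stdout; sending it to stderr or the system log keeps it out of anything that captures the script's output.
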
-- 
1.7.10.4


[OpenWrt-Devel] [PATCH 6/7] hostapd: add external registrar support

2013-09-09 Thread Luis R. Rodriguez
From: Mathieu Olivari 

Setting wireless.@wifi-iface[N].ext_registrar=1 will enable UPNP
advertising and add an external registrar to the interface this vif
belongs to (br-lan if the vif is included in the LAN bridge). By
enabling this we append upnp_iface=xxx to the hostapd config file.

Signed-off-by: Sujith Manoharan 
Signed-off-by: Mathieu Olivari 
Signed-off-by: Luis R. Rodriguez 
---
 package/network/services/hostapd/files/hostapd.sh |3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/network/services/hostapd/files/hostapd.sh 
b/package/network/services/hostapd/files/hostapd.sh
index 56e6eb0..8e51fe7 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -207,6 +207,9 @@ hostapd_set_bss_options() {
config_get manufacturer "$vif" wps_manufacturer "openwrt.org"
config_get wps_pin "$vif" wps_pin "12345670"
 
+   config_get_bool ext_registrar "$vif" ext_registrar 0
+   [ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append "$var" 
"upnp_iface=$bridge" "$N"
+
append "$var" "eap_server=1" "$N"
append "$var" "ap_pin=$wps_pin" "$N"
append "$var" "wps_state=${wps_not_configured:-2}" "$N"
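
Review bot: In the added test `[ "$ext_registrar" -gt 0 -a -n "$bridge" ]`, a vif with ext_registrar=1 that is not part of a bridge gets no upnp_iface line and no message, so the option fails silently. Log a warning in that case, or fall back to the vif's own interface if that is what the commit message means by "the interface this vif belongs to". The context lines also show ap_pin being written from a wps_pin that defaults to "12345670", so enabling an external registrar should require an explicitly configured PIN.
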
-- 
1.7.10.4


[OpenWrt-Devel] [PATCH 4/7] hostapd: enable WPS2 support on hostapd-full.config

2013-09-09 Thread Luis R. Rodriguez
From: Sujith Manoharan 

Enable CONFIG_WPS2 for hostapd. This is required to support
options like Virtual Push Button in WPS.

Signed-off-by: Sujith Manoharan 
Signed-off-by: Luis R. Rodriguez 
---
 package/network/services/hostapd/files/hostapd-full.config |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/network/services/hostapd/files/hostapd-full.config 
b/package/network/services/hostapd/files/hostapd-full.config
index c88fedd..ae0c7cc 100644
--- a/package/network/services/hostapd/files/hostapd-full.config
+++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -107,7 +107,8 @@ CONFIG_EAP_TTLS=y
 #CONFIG_EAP_FAST=y
 
 # Wi-Fi Protected Setup (WPS)
-#CONFIG_WPS=y
+CONFIG_WPS=y
+CONFIG_WPS2=y
 # Enable UPnP support for external WPS Registrars
 #CONFIG_WPS_UPNP=y
 
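
Review bot: The commit message only mentions CONFIG_WPS2, but the line `CONFIG_WPS=y` replacing `#CONFIG_WPS=y` also turns WPS itself on for the hostapd-full build; the message should say so. `#CONFIG_WPS_UPNP=y` stays commented out in the context lines, so if UPnP external registrar support is expected from this build it has to be enabled here as well.
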
-- 
1.7.10.4


[OpenWrt-Devel] [PATCH 1/7] hostapd: Add eap_reauth_period config option

2013-09-09 Thread Luis R. Rodriguez
From: Mathieu Olivari 

This adds the eap_reauth_period to be used for modifying
the RADIUS server reauthentication authentication period,
a parameter that gets passed directly to the hostapd
configuration file.

Signed-off-by: Mathieu Olivari 
Signed-off-by: Luis R. Rodriguez 
---
 package/network/services/hostapd/files/hostapd.sh |2 ++
 1 file changed, 2 insertions(+)

diff --git a/package/network/services/hostapd/files/hostapd.sh 
b/package/network/services/hostapd/files/hostapd.sh
index e25e870..0f1a619 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -108,6 +108,8 @@ hostapd_set_bss_options() {
[ -n "$acct_port" ] && append "$var" 
"acct_server_port=$acct_port" "$N"
config_get acct_secret "$vif" acct_secret
[ -n "$acct_secret" ] && append "$var" 
"acct_server_shared_secret=$acct_secret" "$N"
+   config_get eap_reauth_period "$vif" eap_reauth_period
+   [ -n "$eap_reauth_period" ] && append "$var" 
"eap_reauth_period=$eap_reauth_period" "$N"
config_get dae_client "$vif" dae_client
config_get dae_secret "$vif" dae_secret
[ -n "$dae_client" -a -n "$dae_secret" ] && {
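
Review bot: The added line writes `eap_reauth_period=$eap_reauth_period` into the hostapd config exactly as read from UCI; check that the value is a non-negative integer before appending it, and skip it with a warning otherwise, so a typo does not end up in the generated config. The option and its unit should be documented alongside the other RADIUS options.
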
-- 
1.7.10.4


[OpenWrt-Devel] [PATCH 2/7] hostapd: Add WPS unconfigured & WPS pin method support

2013-09-09 Thread Luis R. Rodriguez
From: Mathieu Olivari 

Signed-off-by: Mathieu Olivari 
Signed-off-by: Luis R. Rodriguez 
---
 package/network/services/hostapd/files/hostapd.sh |   16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh 
b/package/network/services/hostapd/files/hostapd.sh
index 0f1a619..aace21c 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -3,7 +3,7 @@ hostapd_set_bss_options() {
local vif="$2"
local enc wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey 
wps_possible
 
-   config_get enc "$vif" encryption
+   config_get enc "$vif" encryption "none"
config_get wep_rekey"$vif" wep_rekey# 300
config_get wpa_group_rekey  "$vif" wpa_group_rekey  # 300
config_get wpa_pair_rekey   "$vif" wpa_pair_rekey   # 300
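
Review bot: wps_not_configured, which this patch sets later in the function and reads through `${wps_not_configured:-2}`, is not added to the `local` list shown in this hunk's context. Unless it is declared local elsewhere in the function, a value set while processing an open vif is still set when the function runs for the next vif, so a WPA vif could be written with wps_state=1. Add wps_not_configured (and wps_pin) to the `local` declaration. The new "none" default for encryption also deserves a line in the commit message, which currently has no description.
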
@@ -73,6 +73,14 @@ hostapd_set_bss_options() {
 
# use crypto/auth settings for building the hostapd config
case "$enc" in
+   none)
+   wps_possible=1
+   wpa=0
+   crypto=
+   # Here we make the assumption that if we're in open mode
+   # with WPS enabled, we got to be in unconfigured state.
+   wps_not_configured=1
+   ;;
*psk*)
config_get psk "$vif" key
if [ ${#psk} -eq 64 ]; then
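
Review bot: The new `none)` arm sets wps_possible=1 and wps_not_configured=1 for every open vif, and with the "none" default added in the first hunk that includes vifs that have no encryption option at all. The comment calls this an assumption; an open network that was configured on purpose would be reported as unconfigured once WPS is enabled on it. Take the unconfigured state from an explicit option instead of inferring it from open mode.
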
@@ -182,10 +190,12 @@ hostapd_set_bss_options() {
config_get device_type "$vif" wps_device_type "6-0050F204-1"
config_get device_name "$vif" wps_device_name "OpenWrt AP"
config_get manufacturer "$vif" wps_manufacturer "openwrt.org"
+   config_get wps_pin "$vif" wps_pin "12345670"
 
append "$var" "eap_server=1" "$N"
-   append "$var" "wps_state=2" "$N"
-   append "$var" "ap_setup_locked=1" "$N"
+   append "$var" "ap_pin=$wps_pin" "$N"
+   append "$var" "wps_state=${wps_not_configured:-2}" "$N"
+   append "$var" "ap_setup_locked=0" "$N"
append "$var" "device_type=$device_type" "$N"
append "$var" "device_name=$device_name" "$N"
append "$var" "manufacturer=$manufacturer" "$N"
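
Review bot: `config_get wps_pin "$vif" wps_pin "12345670"` gives every AP the same fixed PIN when none is configured, and the same hunk changes ap_setup_locked from 1 to 0, so the AP PIN is usable by external registrars by default. Drop the default, emit ap_pin only when wps_pin is set, and keep ap_setup_locked=1 otherwise.
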
-- 
1.7.10.4


[OpenWrt-Devel] [PATCH 3/7] hostapd: fix hostapd RSN preauthentication PMKSA caching

2013-09-09 Thread Luis R. Rodriguez
From: "Luis R. Rodriguez" 

In 2009 OpenWrt's hostapd config added an "auth_cache" boolean
to be used to address a reported issue #12129 [0] on a forum [1].
The reported issue on the ticket is different than the one
described on the forum. The commit was r33359. This change broke
proper RSN preauthentication [2] [3] [4] expectations on hostapd's
configuration for WPA2 and this in turn disabled PMKSA caching and
Opportunistic Key Caching. This change:

  * Leaves the "auth_cache" to be used only for WPA networks for those
looking to use this as a workaround to a reported issue but annotates
a warning over its usage.

  * Separate "auth_cache" from WPA2 RSN preauthentication, leaving
WPA2 RSN preauthentication to be enabled only with "rsn_preauth" with
the expected and recommended settings.

  * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to
be used when evaluating functionality for WPA2 RSN preauthentication
with the expected and recommended settings with the only difference
so far with what should be enabled by default to disable Opportunistic
Key Caching.

Disabling the PMKSA cache should mean the STA could not roam off and back
onto the AP that had PMKSA caching disabled and would require a full
authentication cycle. This fixes this for WPA2 networks with
RSN preauthentication enabled.

This change should be applied to AA as well as trunk.

  TL DR;

The issue described on the forum has to do with failure of a STA
being able to try to authenticate again with the AP if it failed
its first try. This may have been an issue with hostapd in 2009
but as per some tests I cannot reproduce this today on a WPA2
network.

The issue described on the ticket alludes to a security issue with the
design of using a Radius server to authenticate to an AP. The issue
vaguely alludes to the circumstances of zapping a user, deleting their
authentication credentials to log in to the network, and that if
RSN preauthentication is enabled with PMKSA caching that the user
that was zapped would still be able to authenticate.

Let's treat these as separate issues.

I cannot reproduce the first issue reported on the forums of not
being able to authenticate anymore on a WPA2 network.

The issue reported on the ticket modified WPA2 RSN preauthentication
by adding two fields to the hostapd configuration if auth_cache
was enabled:

  * disable_pmksa_caching=1
  * okc=0

The first one disables PMKSA authentication cache.
The second one disables Opportunistic Key Caching.

The issue reported on the ticket was fixed by implementing a workaround
in hostapd's configuration. Disabling PMKSA caching breaks proper use
of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1
prevents hostapd from adding PMKSA entries into its cache when a successful
802.1x authentication occurs. In practice RSN preauthentication would
trigger a STA to perform authentication with other APs on the same SSID,
it would then have its own supplicant PMKSA cache held. If a STA roams
between one AP to another no new authentication would need to be performed
as the new AP would already have authenticated the STA. The purpose of the
PMKSA cache on the AP side would be for the AP to use the same PMKID for
a STA when the STA roams off onto another BSSID and later comes back to it.

Disabling Opportunistic Key Caching could help the reported issue
as well but it's not the correct place to address this. Opportunistic
Key Caching enables an AP with different interfaces to share the
PMKSA cache. It's a technical enhancement and disabling it would
be useful to let a testing suite properly test for RSN preauthentication
given that otherwise Opportunistic Key Caching would enable an
interface being tested to derive its own derive the PMKSA entry.
In production though okc=1 should be enabled to help with RSN
preauthentication.

The real fix for this particular issue is outside of the scope of hostapd's
configuration and it should not be dealt with as a workaround to
its configuration and breaking expected RSN preauthentication and
technical optimizations. Revert this change and enable users to pick
and choose to enable or disable disable_pmksa_caching and okc expecting them
to instead have read clearly more what these do.

As for the core issue reported, the correct place to fix this is to
enable a sort of messaging between the RADIUS server and its peers
so that if caching for authentication is enabled that cache can be
cleared upon user credential updates. Updating a user password
(not just zapping a user) is another possible issue that would need
to be resolved here. Another part of the solution might be to reduce
the cache timing to account for any systematic limitations (RADIUS
server not able to ask peers to clear cache might be
one).

[0] https://dev.openwrt.org/changeset/33359
[1] https://forum.openwrt.org/viewtopic.php?id=19596
[2] 
http://

[OpenWrt-Devel] [PATCH 0/7] hostapd: series of hostapd fixes

2013-09-09 Thread Luis R. Rodriguez
From: "Luis R. Rodriguez" 

Here's a series of hostapd fixes that have helped pass
both 802.11n and WPS testings.

Luis R. Rodriguez (1):
  hostapd: fix hostapd RSN preauthentication PMKSA caching

Mathieu Olivari (5):
  hostapd: Add eap_reauth_period config option
  hostapd: Add WPS unconfigured & WPS pin method support
  hostapd: prompt user confirmation when WPS is used with hidden ssid
  hostapd: add external registrar support
  hostapd: recognize 8021x as an authentication mode

Sujith Manoharan (1):
  hostapd: enable WPS2 support on hostapd-full.config

 .../services/hostapd/files/hostapd-full.config |3 +-
 package/network/services/hostapd/files/hostapd.sh  |   59 +---
 2 files changed, 53 insertions(+), 9 deletions(-)

-- 
1.7.10.4


Re: [OpenWrt-Devel] [PATCH] packages: enable ip on busybox

2013-09-09 Thread Luis R. Rodriguez
On Fri, Sep 6, 2013 at 12:39 PM, Luis R. Rodriguez
 wrote:
> From: "Luis R. Rodriguez" 
>
> iw is to iwconfig as
> ip is to ifconfig
>
> As with iwconfig, ifconfig is deprecated, promote usage of ip
> using netlink.
>
> Signed-off-by: Luis R. Rodriguez 

Actually perhaps it's best to enable iproute2 package instead.

  Luis


[OpenWrt-Devel] [PATCH] packages: enable ip on busybox

2013-09-06 Thread Luis R. Rodriguez
From: "Luis R. Rodriguez" 

iw is to iwconfig as
ip is to ifconfig

As with iwconfig, ifconfig is deprecated, promote usage of ip
using netlink.

Signed-off-by: Luis R. Rodriguez 
---
 package/utils/busybox/config/networking/Config.in |   12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package/utils/busybox/config/networking/Config.in 
b/package/utils/busybox/config/networking/Config.in
index 442eb03..d8f4351 100644
--- a/package/utils/busybox/config/networking/Config.in
+++ b/package/utils/busybox/config/networking/Config.in
@@ -591,7 +591,7 @@ config BUSYBOX_CONFIG_FEATURE_INETD_RPC
 
 config BUSYBOX_CONFIG_IP
bool "ip"
-   default n
+   default y
select BUSYBOX_CONFIG_PLATFORM_LINUX
help
  The "ip" applet is a TCP/IP interface configuration and routing
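
Review bot: Changing `default n` to `default y` on BUSYBOX_CONFIG_IP adds the applet to every image built with the default busybox configuration, but the commit message gives no size figure and does not say whether ifconfig stays enabled next to it. Add the size delta to the commit message and state the plan for ifconfig.
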
@@ -600,35 +600,35 @@ config BUSYBOX_CONFIG_IP
 
 config BUSYBOX_CONFIG_FEATURE_IP_ADDRESS
bool "ip address"
-   default n
+   default y
depends on BUSYBOX_CONFIG_IP
help
  Address manipulation support for the "ip" applet.
 
 config BUSYBOX_CONFIG_FEATURE_IP_LINK
bool "ip link"
-   default n
+   default y
depends on BUSYBOX_CONFIG_IP
help
  Configure network devices with "ip".
 
 config BUSYBOX_CONFIG_FEATURE_IP_ROUTE
bool "ip route"
-   default n
+   default y
depends on BUSYBOX_CONFIG_IP
help
  Add support for routing table management to "ip".
 
 config BUSYBOX_CONFIG_FEATURE_IP_TUNNEL
bool "ip tunnel"
-   default n
+   default y
depends on BUSYBOX_CONFIG_IP
help
  Add support for tunneling commands to "ip".
 
 config BUSYBOX_CONFIG_FEATURE_IP_RULE
bool "ip rule"
-   default n
+   default y
depends on BUSYBOX_CONFIG_IP
help
  Add support for rule commands to "ip".
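
Review bot: BUSYBOX_CONFIG_FEATURE_IP_TUNNEL and BUSYBOX_CONFIG_FEATURE_IP_RULE do not need `default y` for the ifconfig replacement the commit message argues for; address, link and route cover that. Leave tunnel and rule at `default n` unless a default package needs them.
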
-- 
1.7.10.4


Re: [OpenWrt-Devel] [PATCH] mac80211: make package depend on readlink requirements

2013-09-05 Thread Luis R. Rodriguez
On Thu, Sep 5, 2013 at 2:46 AM, Felix Fietkau  wrote:
> On 2013-09-04 7:37 PM, Luis R. Rodriguez wrote:
>> On Thu, Aug 29, 2013 at 06:12:02PM +0200, Felix Fietkau wrote:
>>> On 2013-08-28 10:30 PM, Luis R. Rodriguez wrote:
>>> > From: "Luis R. Rodriguez" 
>>> >
>>> > The mac80211.sh script uses readlink -f which requires
>>> >
>>> > CONFIG_BUSYBOX_CONFIG_READLINK
>>> > CONFIG_BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW
>>> >
>>> > Without these wifi detect will fail and users end up
>>> > puzzled with error messages such as:
>>> >
>>> > PHY for wifi device radio0 not found
>>> >
>>> > This is due to the fact that without these options
>>> > mac80211.sh readlink -f command will fail and not
>>> > assign the appropriate phy for the devices. This
>>> > fixes initial configuration with OpenWrt with the
>>> > as 'wifi detect > /etc/config/wireless' depends on
>>> > mac80211.sh.
>>> >
>>> > Cc: Kalle Valo 
>>> > Cc: Kathy Giori 
>>> > Cc: Mathieu Olivari 
>>> > Cc: Jerome Proffit 
>>> > Cc: Sujith Manoharan 
>>> > Cc: Matthew McClintock 
>>> > Signed-off-by: Luis R. Rodriguez 
>>> NACK. readlink is enabled by default in the busybox config, and it's
>>> needed by other things as well, including base-files (rc.common).
>>> Adding these dependencies to the mac80211 package thus seems a bit
>>> arbitrary and out of place.
>>> I think at some point it probably makes sense to remove the top-level
>>> busybox menuconfig integration and treat its configuration more like
>>> kernel_menuconfig.
>>
>> Does it also enable by default BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW ?
>> At least on AA it does not seem like so.
> I just fixed that, as of r37896 it gets enabled by default.

Thanks, odd though I don't see that on the git tree [0], I see r37897
and r37895 but not r37896. Is this in another tree perhaps?

git://nbd.name/openwrt.git

  Luis


[OpenWrt-Devel] [PATCH] base-files: add color to PS1

2013-08-28 Thread Luis R. Rodriguez
From: "Luis R. Rodriguez" 

Signed-off-by: Luis R. Rodriguez 
---
 package/base-files/files/etc/profile |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/base-files/files/etc/profile 
b/package/base-files/files/etc/profile
index e9a7119..7caabf1 100644
--- a/package/base-files/files/etc/profile
+++ b/package/base-files/files/etc/profile
@@ -4,7 +4,7 @@
 export PATH=/usr/bin:/usr/sbin:/bin:/sbin
 export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
 export HOME=${HOME:-/root}
-export PS1='\u@\h:\w\$ '
+export PS1="\[\033[01;31m\]\u@\[\033[01;33m\]\h\[\033[01;34m\] \w 
\[\033[31m\]\\[\033[00m\]#\[\033[00m\] "
 
 [ -x /bin/more ] || alias more=less
 [ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
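
Review bot: The new PS1 ends in a literal `#` where the old one had `\$`, so a non-root login is shown the root prompt character; keep `\$` inside the coloured segment. The sequence `\[\033[31m\]\\[\033[00m\]` sets a colour and resets it at once and can be dropped. The colours are also applied unconditionally, so a terminal that does not interpret them shows raw escape codes; set the coloured prompt only when the terminal supports it.
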
-- 
1.7.10.4


[OpenWrt-Devel] [PATCH] mac80211: make package depend on readlink requirements

2013-08-28 Thread Luis R. Rodriguez
From: "Luis R. Rodriguez" 

The mac80211.sh script uses readlink -f which requires

CONFIG_BUSYBOX_CONFIG_READLINK
CONFIG_BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW

Without these wifi detect will fail and users end up
puzzled with error messages such as:

PHY for wifi device radio0 not found

This is due to the fact that without these options
mac80211.sh readlink -f command will fail and not
assign the appropriate phy for the devices. This
fixes initial configuration with OpenWrt with the
as 'wifi detect > /etc/config/wireless' depends on
mac80211.sh.

Cc: Kalle Valo 
Cc: Kathy Giori 
Cc: Mathieu Olivari 
Cc: Jerome Proffit 
Cc: Sujith Manoharan 
Cc: Matthew McClintock 
Signed-off-by: Luis R. Rodriguez 
---
 package/kernel/mac80211/Makefile |2 ++
 1 file changed, 2 insertions(+)

diff --git a/package/kernel/mac80211/Makefile b/package/kernel/mac80211/Makefile
index 6f25413..bf03f56 100644
--- a/package/kernel/mac80211/Makefile
+++ b/package/kernel/mac80211/Makefile
@@ -56,12 +56,14 @@ define KernelPackage/mac80211/Default
   URL:=http://linuxwireless.org/
   MAINTAINER:=Felix Fietkau 
   DEPENDS:=@(!(TARGET_avr32||TARGET_ps3||TARGET_pxcab)||BROKEN)
+  DEPENDS+= +@BUSYBOX_CONFIG_READLINK +@BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW
 endef
 
 define KernelPackage/cfg80211
   $(call KernelPackage/mac80211/Default)
   TITLE:=cfg80211 - wireless configuration API
   DEPENDS+= +iw
+  DEPENDS+= +@BUSYBOX_CONFIG_READLINK +@BUSYBOX_CONFIG_FEATURE_READLINK_FOLLOW
   FILES:= \
$(PKG_BUILD_DIR)/compat/compat.ko \
$(PKG_BUILD_DIR)/net/wireless/cfg80211.ko
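
Review bot: The second added `DEPENDS+=` line, in KernelPackage/cfg80211, repeats what the package already gets through `$(call KernelPackage/mac80211/Default)`, where the same line is added a few lines above; one of the two is enough. In the Default block the new entries can also be appended to the existing `DEPENDS:=` line instead of a separate `DEPENDS+=`.
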
-- 
1.7.10.4


[OpenWrt-Devel] [PATCH] ath10k: enable Atheros 802.11ac driver

2013-08-22 Thread Luis R. Rodriguez
From: "Luis R. Rodriguez" 

This enables usage of the ath10k driver on OpenWrt. Only 2.0 PCI hardware
is supported. The ath10k firmware is currently only available
through github so use that as its source for now.

This goes build tested, not run time tested.

Cc: ath...@lists.infradead.org
Cc: Kalle Valo 
Cc: Kathy Giori 
Cc: Mathieu Olivari 
Cc: Jerome Proffit 
Cc: Sujith Manoharan 
Cc: Matthew McClintock 
Signed-off-by: Luis R. Rodriguez 
---
 package/kernel/mac80211/Makefile |   52 +-
 1 file changed, 51 insertions(+), 1 deletion(-)

diff --git a/package/kernel/mac80211/Makefile b/package/kernel/mac80211/Makefile
index 5bef361..65c7eb3 100644
--- a/package/kernel/mac80211/Makefile
+++ b/package/kernel/mac80211/Makefile
@@ -27,7 +27,7 @@ PKG_DRIVERS = \
rt2x00-lib rt2x00-pci rt2x00-usb rt2x00-soc rt2800-lib rt2400-pci \
rt2500-pci rt2500-usb rt61-pci rt73-usb rt2800-pci rt2800-usb \
rtl8180 rtl8187 zd1211rw mac80211-hwsim carl9170 b43 b43legacy \
-   ath9k-common ath9k ath9k-htc ath net-libipw net-ipw2100 net-ipw2200 \
+   ath9k-common ath9k ath9k-htc ath10k ath net-libipw net-ipw2100 
net-ipw2200 \
mwl8k net-hermes net-hermes-pci net-hermes-plx net-hermes-pcmcia \
iwl-legacy iwl3945 iwl4965 iwlagn wl12xx lib80211 \
rtlwifi rtlwifi-pci rtlwifi-usb rtl8192c-common rtl8192ce rtl8192se \
@@ -125,6 +125,24 @@ define Download/linux-firmware
 endef
 $(eval $(call Download,linux-firmware))
 
+PKG_ATH10K_LINUX_FIRMWARE_NAME:=ath10k-firmware
+PKG_ATH10K_LINUX_FIRMWARE_VERSION:=9374d42c01bd84487855af9f9bffc622c50e7331
+PKG_ATH10K_LINUX_FIRMWARE_SOURCE:=$(PKG_ATH10K_LINUX_FIRMWARE_NAME)-$(PKG_ATH10K_LINUX_FIRMWARE_VERSION).tar.bz2
+PKG_ATH10K_LINUX_FIRMWARE_PROTO:=git
+PKG_ATH10K_LINUX_FIRMWARE_SOURCE_URL:=https://github.com/kvalo/ath10k-firmware.git
+PKG_ATH10K_LINUX_FIRMWARE_SUBDIR:=$(PKG_ATH10K_LINUX_FIRMWARE_NAME)-$(PKG_ATH10K_LINUX_FIRMWARE_VERSION)
+#PKG_ATH10K_LINUX_FIRMWARE_MIRROR_MD5SUM:=?
+
+define Download/ath10k-firmware
+  FILE:=$(PKG_ATH10K_LINUX_FIRMWARE_SOURCE)
+  URL:=$(PKG_ATH10K_LINUX_FIRMWARE_SOURCE_URL)
+  PROTO:=$(PKG_ATH10K_LINUX_FIRMWARE_PROTO)
+  VERSION:=$(PKG_ATH10K_LINUX_FIRMWARE_VERSION)
+  SUBDIR:=$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR)
+  #MIRROR_MD5SUM:=$(PKG_ATH10K_LINUX_FIRMWARE_MIRROR_MD5SUM)
+endef
+$(eval $(call Download,ath10k-firmware))
+
 # Prism54 drivers
 P54PCIFW:=2.13.12.0.arm
 P54USBFW:=2.13.24.0.lm87.arm
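
Review bot: `#PKG_ATH10K_LINUX_FIRMWARE_MIRROR_MD5SUM:=?` and the commented-out MIRROR_MD5SUM in Download/ath10k-firmware leave the firmware tarball without a checksum. The git checkout is pinned by the commit id in PKG_ATH10K_LINUX_FIRMWARE_VERSION, but a copy fetched from a mirror is not verified against anything; fill in the checksum before this is merged.
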
@@ -566,6 +584,23 @@ This module adds support for wireless adapters based on
 Atheros USB AR9271 and AR7010 family of chipsets.
 endef
 
+define KernelPackage/ath10k
+  $(call KernelPackage/mac80211/Default)
+  TITLE:=Atheros 802.11ac wireless cards support
+  URL:=http://wireless.kernel.org/en/users/Drivers/ath10k
+  DEPENDS+= @PCI_SUPPORT +kmod-ath
+  FILES:= \
+   $(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_core.ko \
+   $(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_pci.ko
+  AUTOLOAD:=$(call AutoLoad,55,ath10k)
+endef
+
+define KernelPackage/ath10k/description
+This module adds support for wireless adapters based on
+Atheros IEEE 802.11ac family of chipsets. For now only
+PCI is supported.
+endef
+
 define KernelPackage/carl9170
   $(call KernelPackage/mac80211/Default)
   TITLE:=Driver for Atheros AR9170 USB sticks
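
Review bot: `AUTOLOAD:=$(call AutoLoad,55,ath10k)` names a module ath10k, while FILES installs ath10k_core.ko and ath10k_pci.ko; the autoload list should name those two, core first. The commit message says the change is build tested only, so this would not have shown up.
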
@@ -1314,6 +1349,7 @@ config-$(CONFIG_PCI) += ATH9K_PCI
 config-$(CONFIG_ATH_USER_REGD) += ATH_USER_REGD
 
 config-$(call config_package,ath9k-htc) += ATH9K_HTC
+config-$(call config_package,ath10k) += ATH10K ATH10K_PCI ATH10K_DEBUG 
ATH10K_DEBUGFS
 
 config-$(call config_package,ath5k) += ATH5K
 ifdef CONFIG_TARGET_atheros
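
Review bot: ATH10K_DEBUG and ATH10K_DEBUGFS are switched on whenever the package is selected. Put them on a conditional line of their own, in the style of `config-$(CONFIG_ATH_USER_REGD) += ATH_USER_REGD` in the context above, so production images do not carry the debug code unless it is asked for.
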
@@ -1437,6 +1473,7 @@ define Build/Prepare
$(TAR) -C $(PKG_BUILD_DIR) -xzf 
$(DL_DIR)/$(IPW2200_NAME)-$(IPW2200_VERSION).tgz
$(TAR) -C $(PKG_BUILD_DIR) -xjf 
$(DL_DIR)/$(ZD1211FW_NAME)-$(ZD1211FW_VERSION).tar.bz2
$(TAR) -C $(PKG_BUILD_DIR) -xjf $(DL_DIR)/$(PKG_LINUX_FIRMWARE_SOURCE)
+   $(TAR) -C $(PKG_BUILD_DIR) -xjf 
$(DL_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SOURCE)
rm -rf \
$(PKG_BUILD_DIR)/include/linux/ssb \
$(PKG_BUILD_DIR)/include/linux/bcma \
@@ -1576,6 +1613,18 @@ define KernelPackage/ath9k-htc/install
$(1)/lib/firmware/
 endef
 
+define KernelPackage/ath10k/install
+   $(INSTALL_DIR) $(1)/lib/firmware
+   $(INSTALL_DIR) $(1)/lib/firmware/ath10k
+   $(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA988X
+   $(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA988X/hw2.0
+   $(INSTALL_DATA) \
+   
$(PKG_BUILD_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR)/ath10k/QCA988X/hw2.0/board.bin
 \
+   
$(PKG_BUILD_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR)/ath10k/QCA988X/hw2.0/firmware.bin
 \
+   
$(PKG_BUILD_DIR)/$(PKG_ATH10K_LINUX_FIRMWARE_SUBDIR)/ath10k/QCA988X/hw2.0/otp.bin
 \
+   $(1)/lib/firmware/ath10k/QCA988X/hw2.0/
+endef
+
 define KernelPackage/mwl8k/install
$(INSTAL
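
Review bot: The four `$(INSTALL_DIR)` calls in KernelPackage/ath10k/install each create one more level of the same path; a single call for $(1)/lib/firmware/ath10k/QCA988X/hw2.0 is enough, provided INSTALL_DIR creates parent directories.
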

[OpenWrt-Devel] [PATCH] hostapd: fix hostapd RSN preauthentication PMKSA caching

2013-08-15 Thread Luis R. Rodriguez
From: "Luis R. Rodriguez" 

In 2009 OpenWrt's hostapd config added an "auth_cache" boolean
to be used to address a reported issue #12129 [0] on a forum [1].
The reported issue on the ticket is different than the one
described on the forum. The commit was r33359. This change broke
proper RSN preauthentication [2] [3] [4] expectations on hostapd's
configuration for WPA2 and this in turn disabled PMKSA caching and
Opportunistic Key Caching. This change:

  * Leaves the "auth_cache" to be used only for WPA networks for those
looking to use this as a workaround to a reported issue but annotates
a warning over its usage.

  * Separate "auth_cache" from WPA2 RSN preauthentication, leaving
WPA2 RSN preauthentication to be enabled only with "rsn_preauth" with
the expected and recommended settings.

  * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to
be used when evaluating functionality for WPA2 RSN preauthentication
with the expected and recommended settings with the only difference
so far with what should be enabled by default to disable Opportunistic
Key Caching.

Disabling the PMKSA cache should mean the STA could not roam off and back
onto the AP that had PMKSA caching disabled and would require a full
authentication cycle. This fixes this for WPA2 networks with
RSN preauthentication enabled.

This change should be applied to AA as well as trunk.

  TL DR;

The issue described on the forum has to do with failure of a STA
being able to try to authenticate again with the AP if it failed
its first try. This may have been an issue with hostapd in 2009
but as per some tests I cannot reproduce this today on a WPA2
network.

The issue described on the ticket alludes to a security issue with the
design of using a Radius server to authenticate to an AP. The issue
vaguely alludes to the circumstances of zapping a user, deleting their
authentication credentials to log in to the network, and that if
RSN preauthentication is enabled with PMKSA caching that the user
that was zapped would still be able to authenticate.

Let's treat these as separate issues.

I cannot reproduce the first issue reported on the forums of not
being able to authenticate anymore on a WPA2 network.

The issue reported on the ticket modified WPA2 RSN preauthentication
by adding two fields to the hostapd configuration if auth_cache
was enabled:

  * disable_pmksa_caching=1
  * okc=0

The first one disables PMKSA authentication cache.
The second one disables Opportunistic Key Caching.

The issue reported on the ticket was fixed by implementing a workaround
in hostapd's configuration. Disabling PMKSA caching breaks proper use
of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1
prevents hostapd from adding PMKSA entries into its cache when a successful
802.1x authentication occurs. In practice RSN preauthentication would
trigger a STA to perform authentication with other APs on the same SSID,
it would then have its own supplicant PMKSA cache held. If a STA roams
between one AP to another no new authentication would need to be performed
as the new AP would already have authenticated the STA. The purpose of the
PMKSA cache on the AP side would be for the AP to use the same PMKID for
a STA when the STA roams off onto another BSSID and later comes back to it.

Disabling Opportunistic Key Caching could help the reported issue
as well but it's not the correct place to address this. Opportunistic
Key Caching enables an AP with different interfaces to share the
PMKSA cache. It's a technical enhancement and disabling it would
be useful to let a testing suite properly test for RSN preauthentication
given that otherwise Opportunistic Key Caching would enable an
interface being tested to derive its own derive the PMKSA entry.
In production though okc=1 should be enabled to help with RSN
preauthentication.

The real fix for this particular issue is outside of the scope of hostapd's
configuration and it should not be dealt with as a workaround to
its configuration and breaking expected RSN preauthentication and
technical optimizations. Revert this change and enable users to pick
and choose to enable or disable disable_pmksa_caching and okc expecting them
to instead have read clearly more what these do.

As for the core issue reported, the correct place to fix this is to
enable a sort of messaging between the RADIUS server and its peers
so that if caching for authentication is enabled that cache can be
cleared upon user credential updates. Updating a user password
(not just zapping a user) is another possible issue that would need
to be resolved here. Another part of the solution might be to reduce
the cache timing to account for any systematic limitations (RADIUS
server not able to ask peers to clear cache might be
one).

[0] https://dev.openwrt.org/changeset/33359
[1] https://forum.openwrt.org/viewtopic.php?id=19596
[2] 
http://

[OpenWrt-Devel] OpenWrt documentation scripts - openwrt-doc-scripts

2012-11-15 Thread Luis R. Rodriguez
I've been reviewing the OpenWrt documentation on the wiki and figured
the releases could use some documentation love as well as packages
documentation that get integrated into each release. I've started with
the Attitude Adjustment AA-12.09-beta2 release and have come up with a
set of scripts designed to help with documentation [0] be
automatically generated. Please review the code [0] and results [1]
and let me know what you think.

Given that opkg [2] was designed to produce smaller package files than
Debian does I've extracted documentation for each package from the
original AA release Packages file [3]. For now I've run 'opkg
list-installed' against a DB120 and AP136 reference design board
running the AA-12.09-beta2 image [4] and noticed they both have the
same set of packages installed. To help parse the Packages file I'm
using deb822 module from the python-debian [5] package. It's not the
greatest but its *something* that I think we can start off with. One
convenient thing it does to the average developer browsing is spit out
the delta between the upstream package and refers to those files.
There's a few enhancements that this could use but for that I think
it's best to get feedback at this point and work and collaborate
together.

To enhance this further I figure we could extract even more
information from Kconfig as well but that itself is a project alone
and requires some thought as to whether or not perhaps we want to throw
more into Packages instead and have Kconfig parse the package
documentation for us there. It would also be good if the script would
just write onto the wiki itself, right now I had to add each page
manually. If we can configure MoinMoin to just let us have some wiki
content on some files then those could be read and we could then just
read the files which would be generated through some cronjob script.

Just an initial shot, let me know what you guys think.

[0] http://wiki.openwrt.org/doc/devel/packages/doc-scripts
[1] http://wiki.openwrt.org/doc/devel/packages/list
[2] http://wiki.openwrt.org/doc/devel/packages/opkg
[3] 
http://downloads.openwrt.org/attitude_adjustment/12.09-beta2/ar71xx/generic/packages/Packages
[4] http://downloads.openwrt.org/attitude_adjustment/12.09-beta2/ar71xx/generic/
[5] http://packages.debian.org/sid/python-debian

  Luis