From 5b2fc5d65f85917e906af70f63c2fc238b266420 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 18 Jan 2021 13:02:15 +0000 Subject: [PATCH] hostapd: Update to development version Signed-off-by: Michael Tremer --- config/hostapd/config | 60 +++++++++++--------- lfs/hostapd | 10 ++-- src/patches/hostapd/hostapd-2.9-noscan.patch | 42 +++++++------- 3 files changed, 57 insertions(+), 55 deletions(-) diff --git a/config/hostapd/config b/config/hostapd/config index 78206ed781..4fa6df19f0 100644 --- a/config/hostapd/config +++ b/config/hostapd/config @@ -44,41 +44,35 @@ CONFIG_LIBNL32=y # Driver interface for no driver (e.g., RADIUS server only) #CONFIG_DRIVER_NONE=y -# IEEE 802.11F/IAPP -CONFIG_IAPP=y - # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# IEEE 802.11w (management frame protection) -CONFIG_IEEE80211W=y - # Support Operating Channel Validation #CONFIG_OCV=y # Integrated EAP server -CONFIG_EAP=y +#CONFIG_EAP=y # EAP Re-authentication Protocol (ERP) in integrated EAP server -CONFIG_ERP=y +#CONFIG_ERP=y # EAP-MD5 for the integrated EAP server -CONFIG_EAP_MD5=y +#CONFIG_EAP_MD5=y # EAP-TLS for the integrated EAP server -CONFIG_EAP_TLS=y +#CONFIG_EAP_TLS=y # EAP-MSCHAPv2 for the integrated EAP server -CONFIG_EAP_MSCHAPV2=y +#CONFIG_EAP_MSCHAPV2=y # EAP-PEAP for the integrated EAP server -CONFIG_EAP_PEAP=y +#CONFIG_EAP_PEAP=y # EAP-GTC for the integrated EAP server -CONFIG_EAP_GTC=y +#CONFIG_EAP_GTC=y # EAP-TTLS for the integrated EAP server -CONFIG_EAP_TTLS=y +#CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server #CONFIG_EAP_SIM=y @@ -138,7 +132,7 @@ CONFIG_EAP_TTLS=y # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) -CONFIG_PKCS12=y +#CONFIG_PKCS12=y # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. @@ -154,9 +148,6 @@ CONFIG_PKCS12=y # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y -# IEEE 802.11n (High Throughput) support -CONFIG_IEEE80211N=y - # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. #CONFIG_WNM=y @@ -168,7 +159,7 @@ CONFIG_IEEE80211AC=y # Note: This is experimental and work in progress. The definitions are still # subject to change and this should not be expected to interoperate with the # final IEEE 802.11ax version. -#CONFIG_IEEE80211AX=y +CONFIG_IEEE80211AX=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging @@ -189,13 +180,13 @@ CONFIG_IEEE80211AC=y #CONFIG_DEBUG_LINUX_TRACING=y # Remove support for RADIUS accounting -#CONFIG_NO_ACCOUNTING=y +CONFIG_NO_ACCOUNTING=y # Remove support for RADIUS -#CONFIG_NO_RADIUS=y +CONFIG_NO_RADIUS=y # Remove support for VLANs -#CONFIG_NO_VLAN=y +CONFIG_NO_VLAN=y # Enable support for fully dynamic VLANs. This enables hostapd to # automatically create bridge and VLAN interfaces if necessary. @@ -279,7 +270,7 @@ CONFIG_ELOOP_EPOLL=y # internal = Internal TLSv1 implementation (experimental) # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) # none = Empty template -#CONFIG_TLS=openssl +CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers @@ -360,7 +351,7 @@ CONFIG_ELOOP_EPOLL=y CONFIG_ACS=y # Multiband Operation support -# These extentions facilitate efficient use of multiple frequency bands +# These extensions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. #CONFIG_MBO=y @@ -377,7 +368,7 @@ CONFIG_TAXONOMY=y # Include internal line edit mode in hostapd_cli. This can be used to provide # limited command line editing and history support. -#CONFIG_WPA_CLI_EDIT=y +CONFIG_WPA_CLI_EDIT=y # Opportunistic Wireless Encryption (OWE) # Experimental implementation of draft-harkins-owe-07.txt @@ -390,5 +381,20 @@ CONFIG_AIRTIME_POLICY=y # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 -# Custom configuration -CONFIG_SAE=y +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current hostapd +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore. For now, the default hostapd +# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but +# that functionality is subject to be removed in the future. +#CONFIG_NO_TKIP=y + +# Manually added options +CONFIG_IEEE80211W=y diff --git a/lfs/hostapd b/lfs/hostapd index 3cac20c8a2..e6b92db3af 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -24,15 +24,15 @@ include Config -VER = 2.9 +VER = 581dfcc THISAPP = hostapd-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) +DIR_APP = $(DIR_SRC)/hostap-$(VER) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 53 +PAK_VER = 54 DEPS = @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f188fc53a495fe7af3b6d77d3c31dee8 +$(DL_FILE)_MD5 = eed922f2daabe16d74adf2b23455d8bd install : $(TARGET) @@ -83,7 +83,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP)/hostapd && cp $(DIR_SRC)/config/hostapd/config ./.config cd $(DIR_APP)/hostapd && sed -e "s@/usr/local@/usr@g" -i Makefile - cd $(DIR_APP)/hostapd && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP)/hostapd && make $(MAKETUNING) cd $(DIR_APP)/hostapd && make install install -v -m 644 $(DIR_SRC)/config/backup/includes/hostapd /var/ipfire/backup/addons/includes/hostapd # install initscript diff --git a/src/patches/hostapd/hostapd-2.9-noscan.patch b/src/patches/hostapd/hostapd-2.9-noscan.patch index c4df230298..638b76f84e 100644 --- a/src/patches/hostapd/hostapd-2.9-noscan.patch +++ b/src/patches/hostapd/hostapd-2.9-noscan.patch @@ -1,10 +1,9 @@ -diff U3 hostapd/config_file.c hostapd/config_file.c ---- a/hostapd/config_file.c Wed Aug 7 15:25:25 2019 -+++ b/hostapd/config_file.c Fri Sep 20 17:36:33 2019 -@@ -3411,6 +3411,10 @@ +--- a/hostapd/config_file.c ++++ b/hostapd/config_file.c +@@ -3493,6 +3493,10 @@ static int hostapd_config_fill(struct ho + if (bss->ocv && !bss->ieee80211w) bss->ieee80211w = 1; #endif /* CONFIG_OCV */ - #ifdef CONFIG_IEEE80211N + } else if (os_strcmp(buf, "noscan") == 0) { + conf->noscan = atoi(pos); + } else if (os_strcmp(buf, "ht_coex") == 0) { @@ -12,10 +11,9 @@ diff U3 hostapd/config_file.c hostapd/config_file.c } else if (os_strcmp(buf, "ieee80211n") == 0) { conf->ieee80211n = atoi(pos); } else if (os_strcmp(buf, "ht_capab") == 0) { -diff U3 src/ap/ap_config.h src/ap/ap_config.h ---- a/src/ap/ap_config.h Wed Aug 7 15:25:25 2019 -+++ b/src/ap/ap_config.h Fri Sep 20 17:38:06 2019 -@@ -932,6 +932,8 @@ +--- a/src/ap/ap_config.h ++++ b/src/ap/ap_config.h +@@ -984,6 +984,8 @@ struct hostapd_config { int ht_op_mode_fixed; u16 ht_capab; @@ -24,10 +22,9 @@ diff U3 src/ap/ap_config.h src/ap/ap_config.h int ieee80211n; int secondary_channel; int no_pri_sec_switch; -diff U3 src/ap/hw_features.c src/ap/hw_features.c ---- a/src/ap/hw_features.c Wed Aug 7 15:25:25 2019 -+++ b/src/ap/hw_features.c Fri Sep 20 17:39:02 2019 -@@ -477,7 +477,8 @@ +--- a/src/ap/hw_features.c ++++ b/src/ap/hw_features.c +@@ -500,7 +500,8 @@ static int ieee80211n_check_40mhz(struct int ret; /* Check that HT40 is used and PRI / SEC switch is allowed */ @@ -37,10 +34,9 @@ diff U3 src/ap/hw_features.c src/ap/hw_features.c return 0; hostapd_set_state(iface, HAPD_IFACE_HT_SCAN); -diff U3 src/ap/ieee802_11_ht.c src/ap/ieee802_11_ht.c ---- a/src/ap/ieee802_11_ht.c Wed Aug 7 15:25:25 2019 -+++ b/src/ap/ieee802_11_ht.c Fri Sep 20 17:41:24 2019 -@@ -252,6 +252,9 @@ +--- a/src/ap/ieee802_11_ht.c ++++ b/src/ap/ieee802_11_ht.c +@@ -230,6 +230,9 @@ void hostapd_2040_coex_action(struct hos return; } @@ -50,13 +46,13 @@ diff U3 src/ap/ieee802_11_ht.c src/ap/ieee802_11_ht.c if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) { wpa_printf(MSG_DEBUG, "Ignore too short 20/40 BSS Coexistence Management frame"); -@@ -410,6 +413,9 @@ - void ht40_intolerant_add(struct hostapd_iface *iface, struct sta_info *sta) - { +@@ -390,6 +393,9 @@ void ht40_intolerant_add(struct hostapd_ if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) -+ return; -+ -+ if (iface->conf->noscan || iface->conf->no_ht_coex) return; ++ if (iface->conf->noscan || iface->conf->no_ht_coex) ++ return; ++ wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR + " in Association Request", MAC2STR(sta->addr)); + -- 2.39.2