Most users on forums face a broken 802.11r setup when having
a very simple 802.11r config (i.e., just ieee80211r enabled).
In most cases, simply bumping reassociation_deadline to
20000 fixes their problems and allows 802.11r to just work.
Reassociation Deadline is already set to 20 seconds on Cisco
equipment by default[1] which is why this value has been
chosen.
It is also mentioned on the OpenWrt Wiki as a value that should
be changed in order for 802.11r to work on Apple devices. I think
it would be better to change the defaults instead so users don't
have to do much work for a working setup.
[1]: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Fixes: https://github.com/openwrt/openwrt/issues/7907
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20799
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is useful to alter the default ban time after an STA
association is rejected for being below RSSI threshold.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20811
Signed-off-by: Robert Marko <robimarko@gmail.com>
This implements 65a1c666f2 ("hostapd: add SAE support for wifi-station
and optimize PSK file creation") and 913368a2 ("hostapd: add support for
SAE in PPSK option") for the ucode version as well.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/19965
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is useful if multiple passwords were specified without
the use of a SAE password identifier. This is the only
way to get multiple passwords for a single peer to work
without resorting to password identifiers.
Unfortunately, support for password identifiers is non-existent
on Android and macOS, and possibly others. So this is the only
option in that case.
As an alternative, one could also continue to use WPA2-PSK instead
as that could easily resort to a brute-force approach without any
complications.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20597
Signed-off-by: Robert Marko <robimarko@gmail.com>
As this is generally only useful with "proxy_arp" enabled,
we default na_mcast_to_ucast to true if "proxy_arp" is already
enabled.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20596
Signed-off-by: Robert Marko <robimarko@gmail.com>
There are no supported drivers where it even makes sense to disable WMM
anymore, since so much depends on it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move MLO-specific hostapd ubus call from wireless handler to netifd core
ucode script. This avoids unnecessary queueing and the fake MLO wireless
device.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When creating the PSK file, the old script sets `mac` to
`00:00:00:00:00:00` when `mac` is not specified (see [here][1]),
creating hostapd configuration lines like:
```
vlanid=10 00:00:00:00:00:00 MyStrongPassword
```
That matches any MAC address (a wildcard). The `ucode` script alternative
misses the default, so set it.
[1]: 9c26d14489/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh (L428)
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
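The wildcard default described in the commit above, as an added example that is not the wifi-scripts code: a JavaScript sketch (ucode is close to ECMAScript) that renders station entries into `wpa_psk_file` lines and lists which entries a given client can use. The station object shape, the function names and the second sample station are assumptions constructed for illustration.

```javascript
// Added illustration; not the OpenWrt wifi-scripts implementation.
const WILDCARD_MAC = '00:00:00:00:00:00'; // matches any station in a wpa_psk_file
const MAC_RE = /^[0-9a-f]{2}(:[0-9a-f]{2}){5}$/;

// Render one station entry (hypothetical shape: {mac?, key, vid?}) as a
// wpa_psk_file line: "[vlanid=<id>] <MAC> <passphrase>".
function pskFileLine(sta) {
  const mac = (sta.mac || WILDCARD_MAC).toLowerCase(); // the default the commit adds
  if (!MAC_RE.test(mac)) throw new Error(`invalid MAC: ${sta.mac}`);
  if (typeof sta.key !== 'string' || sta.key.length < 8 || sta.key.length > 63)
    throw new Error('passphrase must be 8..63 characters');
  const prefix = sta.vid != null ? `vlanid=${sta.vid} ` : '';
  return `${prefix}${mac} ${sta.key}`;
}

// Split a line back into its key=value options, MAC and passphrase.
function parsePskLine(line) {
  const m = /^((?:\S+=\S+ )*)(\S+) (.+)$/.exec(line);
  if (!m) throw new Error(`malformed line: ${line}`);
  const opts = Object.fromEntries(
    m[1].trim().split(' ').filter(Boolean).map((kv) => kv.split('=')));
  return { ...opts, mac: m[2], key: m[3] };
}

// Entries a client may authenticate with: its own MAC plus every wildcard.
// Useful when auditing which passphrases (and VLANs) are open to any device.
function entriesFor(lines, clientMac) {
  const mac = clientMac.toLowerCase();
  return lines.map(parsePskLine)
    .filter((e) => e.mac === mac || e.mac === WILDCARD_MAC);
}

// Constructed sample configuration.
const stations = [
  { key: 'MyStrongPassword', vid: 10 },                        // no mac: wildcard
  { mac: 'AA:BB:CC:00:11:22', key: 'PrinterOnlyKey', vid: 20 } // bound to one MAC
];
const lines = stations.map(pskFileLine);
console.log(lines.join('\n'));
console.log(entriesFor(lines, 'de:ad:be:ef:00:01'));
```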
Override via RSNE is a relatively new feature, which can be used to enable
WPA3 features in a way that is invisible to older clients.
Use it by default to mask the GCMP-256 cipher from older clients, since
there are compatibility issues with existing devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The plumbing is there in the ucode files to set the parameter using
nl80211. However, the option is never forwarded because it was missing
in mac80211.sh. Add it there and in the schema file.
Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
Link: https://github.com/openwrt/openwrt/pull/19030
Signed-off-by: Robert Marko <robimarko@gmail.com>
The ucode-based wifi interface validation is based on `hostapd.conf`
specific options, which means it's missing the OpenWrt-specific
'network' property.
This causes schema validation warnings like:
```
daemon.notice netifd: radio1 (1340): wifi-scripts: network is not present in the schema
```
The description is taken from the OpenWrt wiki:
https://openwrt.org/docs/guide-user/network/wifi/basic#common_options1
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18946
Signed-off-by: Robert Marko <robimarko@gmail.com>
* Add missing parentheses in the conditionals for VHT160/VHT160-80PLUS80
  and VHT_MAX_MPDU capabilities. The missing parentheses caused the bitwise
  AND to be evaluated after the equality comparison due to ECMA's operator
  precedence, where `==` has higher precedence than `&`.
* Fix Max MPDU length detection by changing the comparison operators to
  `>=` vs `>` otherwise the condition would never be met.
* Add missing default values:
  - `true` value for `short_gi_80` (As it exists for `short_gi_20`, `short_gi_40`, `short_gi_160`)
  - `7` for `vht_max_mpdu` (Without it the loop in MAX-MPDU-* calculation always compares with null)
* Change the `vht160` condition to `config.vht160 <= 2`. This flag is
  `2` by default, and only ever set to `0` when `vht_oper_chwidth < 2`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18013
Signed-off-by: John Crispin <john@phrozen.org>
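The precedence problem named in the commit above, as an added example that is not the wifi-scripts code: JavaScript shares the `==`-before-`&` precedence, so the sketch compares unparenthesized and parenthesized capability checks over a few constructed VHT capability words. The mask values are the standard VHT capability bit positions; the check expressions and function names are hypothetical stand-ins for the class of conditional the commit fixes.

```javascript
// Added illustration; the expressions are constructed, not copied from OpenWrt.
const VHT_MAX_MPDU_MASK = 0x3;   // bits 0-1: 0 = 3895, 1 = 7991, 2 = 11454 octets
const VHT_CHAN_WIDTH_MASK = 0xc; // bits 2-3: supported channel width set
const VHT_CHAN_WIDTH_160 = 0x4;  // 160 MHz supported

const checks = {
  vht160: {
    // Parsed as cap & (MASK == VALUE) -> cap & false -> always 0.
    buggy: (cap) => !!(cap & VHT_CHAN_WIDTH_MASK == VHT_CHAN_WIDTH_160),
    fixed: (cap) => (cap & VHT_CHAN_WIDTH_MASK) == VHT_CHAN_WIDTH_160,
  },
  mpduAtLeast7991: {
    // Parsed as cap & (MASK >= 1) -> cap & true -> tests bit 0 only.
    buggy: (cap) => !!(cap & VHT_MAX_MPDU_MASK >= 1),
    fixed: (cap) => (cap & VHT_MAX_MPDU_MASK) >= 1,
  },
};

// Return every (capability word, check) pair where the two forms disagree.
function misdetections(caps) {
  const out = [];
  for (const cap of caps)
    for (const [name, c] of Object.entries(checks))
      if (c.buggy(cap) !== c.fixed(cap))
        out.push({ cap, check: name, buggy: c.buggy(cap), fixed: c.fixed(cap) });
  return out;
}

// Constructed capability words (only the low four bits matter here).
const sampleCaps = [
  0x0, // 80 MHz only, max MPDU 3895
  0x5, // 160 MHz, max MPDU 7991
  0xa, // 160 and 80+80 MHz, max MPDU 11454
  0x2, // 80 MHz only, max MPDU 11454
];
console.log(misdetections(sampleCaps));
```

The second check shows why this kind of bug can survive testing: the unparenthesized form still gives the right answer on hardware whose field value happens to have bit 0 set.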
Add a ucode-based re-implementation of the shell-script-based wifi code.
The new code is jsonschema driven. The code has been refactored into several
files making it easier to follow.
The new scripts are also way faster than the previous sh implementation.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>