The CLI tools hostapd_cli and wpa_cli are compiled with
`TARGET_LDFLAGS_C` rather than the standard `TARGET_LDFLAGS`.
This variable is empty, leading to global linker options not being
applied.
Set this variable equal to `TARGET_LDFLAGS` right after the package.mk
include to make sure global linker options are applied, but local options
such as linking to crypto libraries are not.
Signed-off-by: Matthias Van Parys <matthias.vanparys@softathome.com>
Link: https://github.com/openwrt/openwrt/pull/20345
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently the path for setting 20MHz doesn't set ht_capab to '' at the
beginning which results in null in ht_capab in hostapd.conf.
Fix this by setting config.ht_capab to '' for 20MHz htmode.
Fixes: #20762
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/20768
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cbc8ff0e6226 github: ci: add powerpc arch
8eba02233133 github: ci: add cmake build and source directories
5f3104ea17ae github: ci: disable json-c tests
27ff42cd40f9 scripts: devel-build: disable json-c tests
e0a9d02b52d1 dhcpv6: DHCPV6_OPT_INFO_REFRESH contains a 4 byte option
5a02da9c1200 dhcpv6: use compile time resolved sizeof(struct in6_addr) for IPv6 values
cf203ceb3fc8 dhcpv6: set a static define for DUID max length
3627e85d1540 dhcpv6: set static defines for DHCPv6 option header size
ecb9a0243e77 odhcp6c: RFC comments
c284c587d37d all: spell fixes
1259a32d7e4d dhcpv6: dhcpv6_handle_reply switch case handling
227280a37853 dhcpv6: dhcpv6_handle_advert; migrate if blocks to switch case
b253f8907e72 dhcpv6: migrate to switch case for dhcpv6_handle_reply
61a54db802cb dhcpv6: migrate to switch case for dhcpv6_handle_reply
49c64bbe00ba all: drop CER_ID
16ce83075b2e dhcpv6: refactor u8 and u16 to u32 to avoid boolean coercion
e5690c1f13...cbc8ff0e62
Options related to homenet (EXT_CER_ID) have been removed, so drop them from
the package.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20791
This handles the case when 'wpad' or 'wpad-mini' package is used which is
missing WPA3 support. This makes it impossible to use ucode wifi-scripts
on such APs as it will raise an error:
daemon.err hostapd: Line 87: unknown configuration item 'sae_password_file'
This also achieves parity with what is currently happening with old wifi-scripts.
The behavior now matches.
Fixes: https://github.com/openwrt/openwrt/issues/20781
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20784
Signed-off-by: Robert Marko <robimarko@gmail.com>
Only set rsn_override_key_mgmt when rsn_override is enabled.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When encryption is set to 'sae' without explicit pairwise cipher in
non-HE/EHT mode, both the main RSNE and override RSNE would advertise
identical parameters (SAE+CCMP+MFP=2), adding unnecessary overhead.
Check that the pairwise ciphers differ before enabling override. This
preserves the intended behavior for HE/EHT modes (GCMP-256+CCMP vs CCMP)
while avoiding pointless override IEs.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The function was using phydev.name (e.g., "phy0.0") instead of
phydev.phy (e.g., "phy0") when calling wpa_supplicant.phy_set_macaddr_list.
This is inconsistent with all other wpa_supplicant ubus calls in the same
file which correctly use phydev.phy.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When an MLO interface specifies multiple radios and the first radio
is disabled, the MLO configuration was never created because the code
only attempted to create it when processing the first device in the
list (which gets skipped if disabled).
Fix by creating the MLO config for the first enabled device instead
of only when processing dev_names[0].
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Assign the address at wdev create time, similar to legacy interfaces.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ensure that the 4addr flag is passed to phy.wdev_add.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When using wpad-openssl/wpad-basic-openssl, wpa_supplicant/hostapd may not be ready because of openssl.
This cause supplicant.setup and hostapd.setup to be failed.
Therefore, wait for wpa_supplicant/hostapd to be ready before supplicant.setup and hostapd.setup.
Run-tested: mediatek/filogic GL-MT3000
fixes: #20361
Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use stationary_ap configuration for 6GHz AX AP (not only BE).
This change fixes the 6GHz network not visible issue for QCN9024.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Make it a little bit more consistant, and a bit more idiomatic.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The support has been removed from odhcpd, so remove the Makefile options
related to homenet.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
"system" is used to get the current time zone, "network" is used to get
the global DUID.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Support for this option has been removed from odhcpd, so remove it in
the defaults as well.
Signed-off-by: David Härdeman <david@hardeman.nu>
Link: https://github.com/openwrt/openwrt/pull/20673
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This exands the list of AKMs to display:
- display the hash when larger than the default (loosely based on
what hostapd uses in config).
- renaming 'WPA PSK2' to 'WPA PSK-SHA256' as a result
- separate FILS suites from plain 802.1x
- add suites 3, 5, 9, 19, 20, 24, and 25
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
Escape control characters when displaying ESSID. It is not uncommon for
a scan to encounter invalid SSIDs, containing binary data. Escape the
control characters to avoid messing the display (ENQ is particularly
bothersome).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
This adds the ESSID: line to the iwinfo scan results.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
This implements 65a1c666f2 ("hostapd: add SAE support for wifi-station
and optimize PSK file creation") and 913368a2 ("hostapd: add support for
SAE in PPSK option") for the ucode version as well.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/19965
Signed-off-by: Robert Marko <robimarko@gmail.com>
40563018dc87 iwinfo: print HT operation only if present
5f4c213fc59f iwinfo: export HE and EHT operation in scan results
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/20690
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently we unconditionally set it to 2.0 if 802.11ac and disregard
what the user set. This sets it to 2.0 only as a default in case
user didn't specify a tx_burst setting.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20565
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is useful if multiple passwords were specified without
the use of a SAE password identifier. This is the only
way to get multiple passwords for a single peer to work
without resorting to password identifiers.
Unfortunately, support for password identifiers is non-existent
on Android and macOS; and possibly others. So this is the only
option in that case.
As an alternative, one could also continue to use WPA2-PSK instead
as that could easily resort to a bruteforce approach without any
complications.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20597
Signed-off-by: Robert Marko <robimarko@gmail.com>
As this is generally only useful with "proxy_arp" enabled,
we default na_mcast_to_ucast to true if "proxy_arp" is already
enabled.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20596
Signed-off-by: Robert Marko <robimarko@gmail.com>
The raw option inside 'config wifi-iface' is called hostapd_bss_options,
not hostapd_options.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20657
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
`list address` entries in /etc/config/dhcp are sometimes (I'm not sure
about the exact conditions) passed to upstream resolver, bypassing local
resolution. Adding them (minus the IP) to --local prevents this. In the
configuration, this means that
# /etc/config/dhcp
list address '/hello.com/world.com/1.2.3.4'
list address '/foo.com/bar.com/4.3.2.1'
which previously translated into
# /var/etc/dnsmasq.conf.*
address=/hello.com/world.com/1.2.3.4
address=/foo.com/bar.com/4.3.2.1
now becomes
# /var/etc/dnsmasq.conf.*
address=/hello.com/world.com/1.2.3.4
local=/hello.com/world.com/
address=/foo.com/bar.com/4.3.2.1
local=/foo.com/bar.com/
This behaviour is controlled by the `address_as_local` boolean option, which
defaults to false (old behaviour). openwrt/luci#7957 adds support for this flag
to LuCI.
A workaround for a small list of domains is to add them to `option local`,
but this is very tedious to do for every `list address` entry and dnsmasq
limits this option to 1024 characters.
Signed-off-by: Marko Zajc <marko@zajc.tel>
Link: https://github.com/openwrt/openwrt/pull/18610
Signed-off-by: Robert Marko <robimarko@gmail.com>
Edit CMakeLists.txt to fulfill cmake 4.0 requirement that
cmake_minimum_required is now at least 3.5 and in future 3.10.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
d44af6dd8f4e dhcpv6: create struct dhcpv6_lease
4df45c8c3722 dhcpv4: create struct dhcpv4_lease
a6dccae41b60 odhcpd: struct lease -> struct lease_cfg
fc0abb66f122 dhcpv4: use leasetime from a->lease
74eeff193848 router: always use link-local src address for RAs
b9a071b8341f router: Rewrite the ingress MTU to one configured for the interface
1ef9e0e610d5 router: utilize interface ra_mtu for RA
1480c09ee0aa config: clamp ra_mtu to interface MTU, and default ra_mtu to interface MTU
ee4f0df6bd68 netlink: Store interface MTU at link change
d174e25e85a1 github: fix CI apt dependencies
8f393d55a76e odhcpd: more fixes for IID calculations
fc27940fe9...d44af6dd8f
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
b3e1db42b4db odhcp6c: fix safe interval processing to follow RFC 4862
63461f64d4c1 dhcpv6: always include IA_NA and IA_PD in Request message if requested
1051cabb4da3 dhcpv6: fix incorrect IA type being printed in syslog
c5237eabeb5c odhcp6c: prevent RELEASE at shutdown when -k is set
a01b1ff1e50f odhcp6c: fix client exiting if Renew and Rebind fails
4839bf6d0feb odhcp6c: implement RKAP: Reconfiguration Key Authentication Protocol
52a9a847def4 dhcpv6: fix solicit loop when server has no address available
7b1f67c23de6 ubus: implement ubus methods to force a Renew and Release
2b0e8f2d8541 ubus: implement retransmission configuration via ubus
8d89d373f360 odhcp6c: add failure when -E option is used without ubus support enabled
58f3c9eb1163 odhcp6c: add new argument option to disable script call
1048fc4fb622 reconfigure: move all configuration functions to a new file
93f056d3a1f2 reconfigure: implement DHCP reconfiguration
af669fb23cd3 dhcpv6: implement statistics for DHCPv6
3a1a599fecb7 ubus: implement UBus method to get state data immediately
44c50214997d ubus: emit UBus event on DHCP state changes
33b972bc526a ubus: connect to UBus backend
2f609f248faf odhcp6c: implement asynchronous handling for DHCPv6 State
6466314e7f62 odhcp6c: enable Non-Blocking DHCPv6 Socket
1df65f0caf46 dhcpv6: refactor dhcp_request Function
047c63a8156b dhcpv6: add t1 and t2 transmission
1b5f0c402bbf dscp: add option to set dscp value
96017df54d8f dhcpv6: fix wrong retransmission of DHCPv6 Solicit
b929fc8a1cfd odhcp6c: add a simple build script
adc651ffed55 cmake: make libubox mandatory
5182e2b696ef cmake: drop EXT_PREFIX_CLASS
8d052c52e18d cmake: disable pedantic
f2521b296b21 github: fix CI apt dependencies
77e1ae21e6...b3e1db42b4
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
If proto 'dhcpv6' is set for an interface, dynamic interfaces are created
for the protocols map, dslite or 464xlat if this netifd protocols are
installed and the interface option is not explicitly set to '0'.
The problem is that this option cannot be configured via LuCI, which means
that the dynamic protocols are started. In my case, that is the '464xlat'
'6in4' protocol. I see the follwing log messages continuously in the log as
I do not have a '464xlat' in my network.
Fri Aug 22 10:36:33 2025 daemon.notice netifd: Interface 'wan6_4' is now down
Fri Aug 22 10:36:33 2025 daemon.notice netifd: Interface 'wan6_4' is setting up now
Fri Aug 22 10:36:36 2025 daemon.notice netifd: Interface 'wan6_4' is now down
Fri Aug 22 10:36:36 2025 daemon.notice netifd: Interface 'wan6_4' is setting up now
To fix this by adding a new option to disable the dynamic interface creation
for '4in6' if needed. The option is named '4in6_dynamic' and is a boolean.
If the new option is 'true' (default) dynamic interfaces are create.
If the new option set to 'false' no dynamic 4in6 interface are created.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The variable definitions are very confusing. Therefore, this commit groups
them together so that the line length is not exceeded.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This allow configuring the MTU of the ds-lite tunnel.
Updates #8190
Signed-off-by: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20606
Signed-off-by: Robert Marko <robimarko@gmail.com>
This allows wpa_supplicant to process pending netlink socket messages
first. Without this change, there is a race condition where the newly
created interface processes netlink events from the removal of the
previous interface.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it possible to have more flexible control over the supplicant
without having to install wpa_cli.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
AUTORELEASE has been deprecated from a long time. Drop it and hardcode
the release following the current one present in the downloads
repository.
Link: https://github.com/openwrt/openwrt/pull/20586
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
With this change, the interface identifier can be configured via LuCI.
Signed-off-by: Peter Meiser <peter.meiser@gmx.com>
Link: https://github.com/openwrt/openwrt/pull/19318
Signed-off-by: Robert Marko <robimarko@gmail.com>
0d0fac30075f dhcpv4: bump problem scenario up to warn
bf6137092346 config: properly set log level from uci
7956f4271b4e dhcpv6: RFC4833 timezones
7000557cd8f6 dhcpv6-ia: respect prefix assigned to interface (>= /64)
e1e60601ffeb odhcpd: improve odhcpd_urandom()
c2eb4b59f107 config: fix erroneous clamp message if clamp value == max
54b9e729b00d dhcpv4: bail earlier on release/decline
417f4b11d352 dhcpv4: don't hardcode options array length
d63fa3c3612c dhcpv4: shrink struct dhcpv4_message
9653b43617e3 dhcpv4: use iovec for forcereconf messages, fix hash
bf41f4edfbe3 dhcpv4: fix padding of iovec message in dhcpv4_handle_msg()
be68f423c528 dhcpv4: some minor cleanups post-iovec
e24a371ef714 dhcpv4: use iovec for forcerenew opts
bd353e891ae6 dhcpv4: use iovec for router and DNS server
b81cfaa7859e dhcpv4: use iovec for DNS search and MTU
578a9289440b dhcpv4: use iovec for netmask/hostname/broadcast
5bafc17b79d8 dhcpv4: use iovec for leasetime/renew/rebind
b63448ffe447 dhcpv4: introduce a reply_opts array
0533eaea0a94 dhcpv4: use iovec for DNR
6329e37d595d dhcpv4: use iovec for NTP
87fee619205d dhcpv4: use iovec for message and serverid
2f97bf0b56de dhcpv4: reorder some more variables in dhcpv4_handle_msg()
18c1b02bdc20 dhcpv4: remove one more variable from dhcpv4_handle_msg()
6fd691ff29cd dhcpv4: move dest handling from dhcpv4_handle_msg()
1f803caf9a1f dhcpv4: don't copy reqopts around
b1be3984ebf8 dhcpv4: more refactoring of dhcpv4_handle_msg()
85717bedf8ce dhcpv4: clarify variable names in dhcpv4_handle_msg()
be864ccf9919 dhcpv4: some more cleanups to dhcpv4_handle_msg()
f87464520564 dhcpv4: preparations for iovec usage
f48e1c205af3 odhcdp: use a more suitable clock
7e78caac4eae dhcpv6: change dhcpv6 message type check in relay
288abd9c4046 dhcpv6: move dhcpv6 message type check for early exit
d504458ef515 odhcpd: add a simple build script
4ee309a54011 github: improve CI
ff3a241ccc98 odhcpd: shrink binary size by creating a logging function
e2ecf7ba6d72 odhcpd: support stderr logging
5de3b0d5b509 odhcpd: add log helpers
398d03a1a236 config: cap dhcpv6_pd_min_len to max instead of only logging error
4f54738d3ae7 config: clamp dhcpv6_hostid_len instead of only logging an error
465f19c9c2e3 config: clamp ra_mtu into 1280-65535 range
434b06133997 config: cap ra_retranstime and warn instead of only logging an error
e5f58a90a147 config: cap ra_hoplimit to maximum and warn instead of logging an error
208eb10307c1 config: cap ra_reachabletime to RFC maximum instead of logging error
93449f1513b4 config: drop double size lease times; they are all UINT32_MAX;
439c0ceab131 router: redefine ra_mininterval and ra_maxinterval as uint32_t
84b4dfe81363 config: clamp ra_mininterval, ra_maxinterval, ra_lifetime at load time
aa4f26232e05 router: refactor calc_ra_lifetime; redefine ra_lifetime as uint32_t
6ece28ffd475 config: do MaxRtrAdvInterval init at (ra_maxinterval) init time
dc03e02d973e router: Apply updated values from RFC9096 (updates RFC4861) to RA/ND
cc7766c12abe router: Apply updated values from RFC8319 (updates RFC4861) to RA/ND
964da13e758c config: refactor parse_leasetime() - branch amount remains same
9646c749467b github: fix CMAKE_SYSTEM_PROCESSOR copy&paste
288206c9a2ed github: add CI build
30780debd691 odhcpd: fix a compilation error
e0b2c3cf9476 odhcpd: allow assignments to be reassigned
01e5e311b0db odhcpd: support multiple per-client DUIDs
aebc647a6b7b odhcpd: support assignments on the basis of IAID
cc3ec9c20c61 odhcpd: support IAIDs for static DHCPv6 leases
e42c62725942 odhcpd: break up complex matching logic
e1123906a4bc odhcpd: document the ubus interface
c69200195263 dhcpv4: generate dbus events on lease expiry
dd7a2d474d0d dhcpv4: fix ubus events
22481d848e0d odhcpd: remove mac_len argument to ubus_bcast_dhcp_event()
d31d64efd56c odhcpd: fix ubus support flag in help msg
9bc1b4e26e10 odhcpd: reduce use of WITH_UBUS defines in code
d402cdae4316 ndp: fix macOS IPv6 compatibility by using link-local source addresses
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
77e1ae21e67f odhcp6c: set server address from Information-request reply
e24ac1cf8c27 dhcpv6: use a per-interface IAID for IA_NA requests
053e6c4b3863 github: improve CI
b65ff293a969 dhcpv6: Check status code for IA_ADDR operations
3c7e425169e1 dhcpv6: Add error checking to handle renew failure for IA_PD operations
8de25373a860 dhcpv6: dhcpv6_parse_ia refactor to switch case
ca3cd525f447 odhcp6c: fix deamon raw buffer inc
d7afeea2b965 dhcpv6c: fix illegal DHCPV6_OPT_FQDN
70f7467db301 script: don't ignore RA with zero router lifetime
6ca1552cb3fe odhcp6c: sync and accumulate RA & DHCPv6 events as fast as possible
29b58cfb4711 odhcp6c: update cmake file
ee6d4a82bbeb github: add CI build
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
