Most users on forums face a broken 802.11r setup when having
a very simple 802.11r config (i.e., just ieee80211r enabled).
In most cases, simply bumping reassociation_deadline to
20000 fixes their problems and allows 802.11r to just work.
Reassociation Deadline is already set to 20 seconds on Cisco
equipment by default[1] which is why this value has been
chosen.
It is also mentioned on the OpenWRT Wiki as a value that should
be changed in order for 802.11r to work on Apple devices. I think
it would be better to change the defaults instead so users don't
have to do much work for a working setup.
[1]: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Fixes: https://github.com/openwrt/openwrt/issues/7907
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20799
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is useful to alter the default ban time after an STA
association is rejected for being below RSSI threshold.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20811
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently the path for setting 20MHz doesn't set ht_capab to '' at the
beginning which results in null in ht_capab in hostapd.conf.
Fix this by setting config.ht_capab to '' for 20MHz htmode.
Fixes: #20762
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/20768
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This handles the case when 'wpad' or 'wpad-mini' package is used which is
missing WPA3 support. This makes it impossible to use ucode wifi-scripts
on such APs as it will raise an error:
daemon.err hostapd: Line 87: unknown configuration item 'sae_password_file'
This also achieves parity with what is currently happening with old wifi-scripts.
The behavior now matches.
Fixes: https://github.com/openwrt/openwrt/issues/20781
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20784
Signed-off-by: Robert Marko <robimarko@gmail.com>
Only set rsn_override_key_mgmt when rsn_override is enabled.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When encryption is set to 'sae' without explicit pairwise cipher in
non-HE/EHT mode, both the main RSNE and override RSNE would advertise
identical parameters (SAE+CCMP+MFP=2), adding unnecessary overhead.
Check that the pairwise ciphers differ before enabling override. This
preserves the intended behavior for HE/EHT modes (GCMP-256+CCMP vs CCMP)
while avoiding pointless override IEs.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When using wpad-openssl/wpad-basic-openssl, wpa_supplicant/hostapd may not be ready because of openssl.
This cause supplicant.setup and hostapd.setup to be failed.
Therefore, wait for wpa_supplicant/hostapd to be ready before supplicant.setup and hostapd.setup.
Run-tested: mediatek/filogic GL-MT3000
fixes: #20361
Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use stationary_ap configuration for 6GHz AX AP (not only BE).
This change fixes the 6GHz network not visible issue for QCN9024.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
This exands the list of AKMs to display:
- display the hash when larger than the default (loosely based on
what hostapd uses in config).
- renaming 'WPA PSK2' to 'WPA PSK-SHA256' as a result
- separate FILS suites from plain 802.1x
- add suites 3, 5, 9, 19, 20, 24, and 25
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
Escape control characters when displaying ESSID. It is not uncommon for
a scan to encounter invalid SSIDs, containing binary data. Escape the
control characters to avoid messing the display (ENQ is particularly
bothersome).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
This adds the ESSID: line to the iwinfo scan results.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20686
Signed-off-by: Robert Marko <robimarko@gmail.com>
This implements 65a1c666f2 ("hostapd: add SAE support for wifi-station
and optimize PSK file creation") and 913368a2 ("hostapd: add support for
SAE in PPSK option") for the ucode version as well.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/19965
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently we unconditionally set it to 2.0 if 802.11ac and disregard
what the user set. This sets it to 2.0 only as a default in case
user didn't specify a tx_burst setting.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20565
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is useful if multiple passwords were specified without
the use of a SAE password identifier. This is the only
way to get multiple passwords for a single peer to work
without resorting to password identifiers.
Unfortunately, support for password identifiers is non-existent
on Android and macOS; and possibly others. So this is the only
option in that case.
As an alternative, one could also continue to use WPA2-PSK instead
as that could easily resort to a bruteforce approach without any
complications.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20597
Signed-off-by: Robert Marko <robimarko@gmail.com>
As this is generally only useful with "proxy_arp" enabled,
we default na_mcast_to_ucast to true if "proxy_arp" is already
enabled.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20596
Signed-off-by: Robert Marko <robimarko@gmail.com>
The raw option inside 'config wifi-iface' is called hostapd_bss_options,
not hostapd_options.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20657
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Export WiFi 6E (HE) and WiFi 7 (EHT) operation data in scan results.
These additional data can be useful to check wifi channel utilization
by nearby stations.
Example:
Cell 32 - Address: xx:xx:xx:xx:xx:xx
Mode: Master Frequency: 6.115 GHz Band: 6 GHz Channel: 33
Signal: -14 dBm Quality: 70/70
Encryption: SAE (CCMP)
HE Operation:
Center Frequency 1: 39
Center Frequency 2: 47
Channel Width: 160 MHz
EHT Operation:
Center Frequency 1: 47
Center Frequency 2: 63
Channel Width: 320 MHz
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/19208
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently wifi-scripts ucode appends airtime_mode to hostapd config file
unconditionally.
However this breaks bringing up interface with hostapd-mini
because the mini variant doesn't support airtime policy.
Fix this by changing the script to append airtime_mode only when
airtime_mode is set to greater than zero value in /etc/config/wireless.
Fixes: #20136Fixes: #20314
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
There are no supported drivers where it even makes sense to disable WMM
anymore, since so much depends on it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The option is an array, and for each entry there should be one generated
line in hostapd.conf. Commas also need to be replaced with whitespace
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Can also be used for a client mode interface that is able to connect on
multiple bands individually, while handling hostapd state for the correct
band.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- fix the variable name in the configuration file
- provide a default scan list in case the user did not configure it (MLO preparation)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move mlo specific hostapd ubus call from wireless handler to netifd core
ucode script. This avoids unnecessary queueing and the fake MLO wireless
device.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently it is printed as "null" (including quotes). Display it the same
as old iwinfo as unknown (no quotes).
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
When creating the PSK file, the old script sets `mac` to
`00:00:00:00:00:00` when `mac` is not specified (see [here][1]),
creating hostapd configuration lines like:
vlanid=10 00:00:00:00:00:00 MyStrongPassword
That matches any MAC address (a wildcard). The `ucode` script alternative
misses the default, so set it.
[1]: 9c26d14489/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh (L428)
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Unless HE/EHT is enabled, the client should not process the RSN override IE.
This prevents picking up unsupported ciphers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
