Interface might be down or scanning. Better do a full restart in order to avoid
messing up the runtime state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Do not allow hostapd phy state update to bring up links as long between mld_set
and mld_start calls. Configuration on other PHYs could still be pending.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bring up AP interfaces, even if no frequency update was provided.
Fixes bringup when a MLO STA on the same radios connects to fewer links
than available, or to a non-MLD AP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Removing the last remaining link from an MLD AP interface removes the
interface as well. Re-create the interface if necessary on config changes.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Can also be used for a client mode interface that is able to connect on
multiple bands individually, while handling hostapd state for the correct
band.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
33fb6c738bc4 P2P2: Enable some testing parameters without CONFIG_TESTING_OPTIONS
56616c4183a6 P2P2: Update device name with USD device found
1d791939dcdf Cancel pending connect radio work when network is removed
8235e21d7fe3 P2P: Fix preferred frequency list size handling in p2p_check_pref_chan()
4bc754d9c727 Add QCA vendor interface to enable/disable TX power limit
d65f5705df98 Add QCA vendor attribute to disable A-MSDU address check validation
74881765b7fb nl80211: Use i802_bss in qca_set_allowed_ap_freqs() to use correct ifindex
ca8303135cbb P2P2: Set P2P mode to the driver on P2P GO device
063ae7af68dc ACS: Fix incorrect index calculation for primary channel
4aa3a58377c1 ACS: Validate all channels in a segment before selection
02c9d3376224 ACS: Extend support to exclude 6 GHz non-PSC in non-offloaded ACS
307365eb57bb tests: Add test for ACS exclude 6 GHz non-PSC
0721e4886316 Add QCA vendor attribute to configure EHT RTWT support
76b39db44c77 QCA vendor attribute to configure BTM MLD Recommendation For Multiple APs support
2faeffdeca22 AP MLD: Properly deinit sm of non-ML STA connected to ML AP
e4f4e5a872a5 AP MLD: Fix STA's flag wrongly updated in SME-in-driver cases
ec6cade42c0f Increase buffer size to handle long freq_list entries in config
0522585da7b0 Write freq_list as per-network item in wpa_supplicant.conf
5e527704b912 Use SCS reconfiguration logic under CONFIG_NO_ROBUST_AV
5d6214a724c1 PASN: Clear driver/firwmare ranging context if PASN Auth 1 fails
14dc782d50db DPP: Avoid generating DPP shared secret(z) for non-association links
40326b60b17a RSNO: Allow OWE to be configured in RSN overrides in AP processing
acadef1b04d5 hostapd_cli: Open a new hostapd connection on ping failure when using -a
ac0d9bd80ec5 Add QCA vendor attributes to configure global TX chain mask
f5b8ef6c966a Add QCA vendor attributes for MSDU TX statistics
6c11fcefe4fc hostapd: Prevent blocking sends on control interface monitor socket
0bbb8a66f64c AP MLD: Remove redundant outer loop in hostapd_notif_disassoc_mld()
52fb5ccd91f3 AP MLD: Avoid using mld_id to identify partners
7bb930d50b5f wpa_supplicant: Add option to disable 80+80 MHz opclass advertisement
9001059bd6ad tests: Make dbus_connect_oom more robust
663fb1940231 AP MLD: Fix hostapd_is_mld_ap() check
590f3bdb4c61 AP MLD: Rename hostapd_is_mld_ap() to hostapd_is_multiple_link_mld()
b13b69a235f7 Add VLANID in the AP-STA-CONNECTED events
c1e8b1c6462b SAE: Assign VLAN when using PMKSA caching
9bc29dcdfdee SAE: Default password binding through control interface
9de127c31c40 tests: More testing coverage for SAE with multiple passwords
5ce1d4180386 nl80211: Fix crash by cancelling scan timeout before a BSS is removed
ca266cc24d87 nl80211: Fix crash by setting the drv->ctx properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Execute scripts in /etc/rc.wps until one of them returns a exit code of 0.
Split up sta and ap handling of wps into separate scripts.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes a crash on some config reload types
Fixes: 816c2d86e7 ("hostapd: add support for MLO interfaces in ucode")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MLO interface config is provided in a separate ubus call before
adding regular per-phy interfaces.
Preparation for full MLO support.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
As discussed in openwrt#17517, there are contents of hostapd's configuration file logged in syslog.
This includes critical information like `passphrase`. To circumvent this condition,
this commit logs only "inline" if config_fname is inline data.
Otherwise the upstream logic of hostapd applies.
Fixes: openwrt#14049
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/17718
Signed-off-by: Robert Marko <robimarko@gmail.com>
nl80211 events were propagated to the wrong interfaces
Fixes: 2ac791e87d ("hostapd: update to version 2025-06-27")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Manually refreshed:
140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
601-ucode_support.patch
Fixed in upstream:
804-hostapd-revert-ACS-Validate-6-GHz-AP-criteria-before.patch [1]
Automatically rebased all other patches.
[1] https://w1.fi/cgit/hostap/commit/?id=0b60826a66885bffa2fd709ed5e48cd5fe241b6b
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
802.11be capable platforms are big enough to not need the mini variant,
and removing it here saves space for other other devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes status information and scanning on extra BSS interfaces when operating
on multi-radio devices.
Reported-by: Chad Monroe <chad.monroe@adtran.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ensure that hapd->own_addr is set properly, since hostapd_setup_bss
only handles it for secondary BSS interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When running ACS on multi-radio devices, ACS on one band can block another.
Increase the number of retries and prevent bouncing interfaces between AP
and STA mode during attempts.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
By OpenWrt's design, hostapd runs in a single global instance for all radios supported by the device, rather than one instance per radio like hostapd usually does.
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Link: https://github.com/openwrt/openwrt/pull/18426
Signed-off-by: Robert Marko <robimarko@gmail.com>
Manually refreshed:
301-mesh-noscan.patch
601-ucode_support.patch
770-radius_server.patch
Automatically rebased all other patches.
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Link: https://github.com/openwrt/openwrt/pull/18426
Signed-off-by: Robert Marko <robimarko@gmail.com>
Enable Device Provisioning Protocol (DPPv2) in hostapd
for the "full" build-variants.
DPPv2 currently does not compile with WolfSSL due to
missing PKCS7 and certificate support.
Link: https://github.com/openwrt/openwrt/pull/18485
Signed-off-by: Gustavo Bertoli <gubertoli@gmail.com>
Currently, logging level of the RADIUS server is a constant corresponding
to the highest verbosity (EXCESSIVE, ALL), but when running as a system
service, the output is discarded.
This commit makes logging verbosity configurable by `log_level` option
and redirects all logs to `logd`. Possible levels are defined in hostap
sources:
https://w1.fi/cgit/hostap/tree/src/utils/wpa_debug.h?id=012a893c469157d5734f6f33953497ea6e3b0169#n23
Their reference is inlined in `radius.config` file.
Default value for logging verbosity is INFO (even if the `-l` flag isn't
specified).
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
Even though IPv6 support for hostapd RADIUS server is implemented
(flag `-6`), it's not possible to enable it from configuration.
This commit adds this option and adapts init script.
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
Link: https://github.com/openwrt/openwrt/pull/18089
Signed-off-by: Robert Marko <robimarko@gmail.com>
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.
To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.
This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when it goes out
of scope.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c28617 ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
