Control: tags -1 + patch Hello pkg-wpa Maintainers,
Last week I built myself a neat little Debian gateway box (two MikroTik radios, four ethernet ports), and wanted to take advantage of the 'survey_acs' channel selection feautre in hostapd 2.1. So I did a debcheckout of hostapd, replaced the source with a git clone of upstream, and finagled debian/* files, and got it up and running - it's been working great! I paid particular attention to merging upstream's defconfgs and debian/config/* files, activating several options: CONFIG_WPS_NFC CONFIG_EAP_EKE CONFIG_WNM CONFIG_IEEE80211AC CONFIG_DEBUG_LINUX_TRACING CONFIG_VLAN_NETLINK CONFIG_TLSV12 CONFIG_HS20 CONFIG_SQLITE CONFIG_TESTING_OPTIONS CONFIG_ACS CONFIG_HT_OVERRIDES CONFIG_VHT_OVERRIDES CONFIG_TDLS CONFIG_WIFI_DISPLAY CONFIG_AUTOSCAN_EXPONENTIAL CONFIG_AUTOSCAN_PERIODIC Note that CONFIG_SQLITE (which I haven't tested) added a Build-Depends on libsqlite3-dev. Upstream seems to have added a Build-Depends on libnl-route-3-dev. Patch '13_human_readable_signal.patch' was merged upstream. Patch 'hostapd_fix-WDS-VLAN-bridge-handling.patch' was merged upstream AFAICT, however lot's of code was changed in driver_nl80211.c so there could be a regression. Patch 'libnl3-includes.patch' needed a tiny refresh. Attached is the diff to just the debian/* tree. I could send the "svn diff" of the entire source but that seems redundant (especially considering how nicely prepared the debian packaging is for 2.x already!) BTW, looking at bug #536630, I'm also configured with IPv6 (although not static in interfaces file like the bug report, rather I'm using DHCPv6 Prefix Delegation instead), and hostapd 2.1 doesn't munge any global addresses, perhaps that bug is fixed upstream in 2.1. Hope to see 2.1 in jessie! -- Gerald Turner <gtur...@unzane.com> Encrypted mail preferred! OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
Index: wpa-2.1/debian/changelog =================================================================== --- wpa-2.1/debian/changelog (revision 1862) +++ wpa-2.1/debian/changelog (working copy) @@ -1,3 +1,29 @@ +wpa (2.1-0.1) unstable; urgency=medium + + * New upstream release: + - drop 13_human_readable_signal.patch, applied upstream. + - drop hostapd_fix-WDS-VLAN-bridge-handling.patch, applied upstream. + * Merged new config options: + - CONFIG_WPS_NFC + - CONFIG_EAP_EKE + - CONFIG_WNM + - CONFIG_IEEE80211AC + - CONFIG_DEBUG_LINUX_TRACING + - CONFIG_VLAN_NETLINK + - CONFIG_TLSV12 + - CONFIG_HS20 + - CONFIG_SQLITE + - CONFIG_TESTING_OPTIONS + - CONFIG_ACS + - CONFIG_HT_OVERRIDES + - CONFIG_VHT_OVERRIDES + - CONFIG_TDLS + - CONFIG_WIFI_DISPLAY + - CONFIG_AUTOSCAN_EXPONENTIAL + - CONFIG_AUTOSCAN_PERIODIC + + -- Gerald Turner <gtur...@unzane.com> Sun, 25 May 2014 19:00:00 -0700 + wpa (1.1-2) UNRELEASED; urgency=medium * NOT RELEASED YET Index: wpa-2.1/debian/config/hostapd/kfreebsd =================================================================== --- wpa-2.1/debian/config/hostapd/kfreebsd (revision 1862) +++ wpa-2.1/debian/config/hostapd/kfreebsd (working copy) @@ -98,10 +98,9 @@ CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) -# to add the needed functions. +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. CONFIG_EAP_FAST=y # Wi-Fi Protected Setup (WPS) @@ -110,6 +109,8 @@ CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +CONFIG_WPS_NFC=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y @@ -117,6 +118,9 @@ # Trusted Network Connect (EAP-TNC) CONFIG_EAP_TNC=y +# EAP-EKE for the integrated EAP server +CONFIG_EAP_EKE=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -138,6 +142,13 @@ # IEEE 802.11n (High Throughput) support CONFIG_IEEE80211N=y +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. @@ -147,6 +158,12 @@ # Disabled by default. CONFIG_DEBUG_FILE=y +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + # Remove support for RADIUS accounting #CONFIG_NO_ACCOUNTING=y @@ -160,7 +177,11 @@ # automatically create bridge and VLAN interfaces if necessary. #CONFIG_FULL_DYNAMIC_VLAN=y -# Remove support for dumping state into a file on SIGUSR1 signal +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands # This can be used to reduce binary size at the cost of disabling a debugging # option. #CONFIG_NO_DUMP_STATE=y @@ -226,6 +247,10 @@ # are used. CONFIG_TLSV11=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +CONFIG_TLSV12=y + # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits @@ -247,6 +272,44 @@ # external networks. CONFIG_INTERWORKING=y +# Hotspot 2.0 +CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +CONFIG_SQLITE=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. +# +CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# +CONFIG_ACS=y + # XXX: Debian #737465 # fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any. This is # already accounted for by the upstream Makefile, however wrongly depending @@ -253,4 +316,3 @@ # on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc # rather than the kernel. LIBS += -ldl - Index: wpa-2.1/debian/config/hostapd/linux =================================================================== --- wpa-2.1/debian/config/hostapd/linux (revision 1862) +++ wpa-2.1/debian/config/hostapd/linux (working copy) @@ -97,10 +97,9 @@ CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) -# to add the needed functions. +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. CONFIG_EAP_FAST=y # Wi-Fi Protected Setup (WPS) @@ -109,6 +108,8 @@ CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +CONFIG_WPS_NFC=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y @@ -116,6 +117,9 @@ # Trusted Network Connect (EAP-TNC) CONFIG_EAP_TNC=y +# EAP-EKE for the integrated EAP server +CONFIG_EAP_EKE=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -137,6 +141,13 @@ # IEEE 802.11n (High Throughput) support CONFIG_IEEE80211N=y +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. @@ -146,6 +157,12 @@ # Disabled by default. CONFIG_DEBUG_FILE=y +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +CONFIG_DEBUG_LINUX_TRACING=y + # Remove support for RADIUS accounting #CONFIG_NO_ACCOUNTING=y @@ -159,7 +176,11 @@ # automatically create bridge and VLAN interfaces if necessary. CONFIG_FULL_DYNAMIC_VLAN=y -# Remove support for dumping state into a file on SIGUSR1 signal +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands # This can be used to reduce binary size at the cost of disabling a debugging # option. #CONFIG_NO_DUMP_STATE=y @@ -225,6 +246,10 @@ # are used. CONFIG_TLSV11=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +CONFIG_TLSV12=y + # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits @@ -245,3 +270,41 @@ # This can be used to enable functionality to improve interworking with # external networks. CONFIG_INTERWORKING=y + +# Hotspot 2.0 +CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +CONFIG_SQLITE=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. +# +CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# +CONFIG_ACS=y Index: wpa-2.1/debian/config/wpasupplicant/kfreebsd =================================================================== --- wpa-2.1/debian/config/wpasupplicant/kfreebsd (revision 1862) +++ wpa-2.1/debian/config/wpasupplicant/kfreebsd (working copy) @@ -149,10 +149,9 @@ CONFIG_EAP_TTLS=y # EAP-FAST -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) -# to add the needed functions. +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. CONFIG_EAP_FAST=y # EAP-GTC @@ -206,10 +205,15 @@ # Disable credentials for an open network by default when acting as a WPS # registrar. CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +CONFIG_WPS_NFC=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y +# EAP-EKE +CONFIG_EAP_EKE=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -222,6 +226,12 @@ # Enable this if EAP-SIM or EAP-AKA is included CONFIG_PCSC=y +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +CONFIG_HT_OVERRIDES=y + +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +CONFIG_VHT_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -229,6 +239,7 @@ # unix = UNIX domain sockets (default for Linux/*BSD) # udp = UDP sockets using localhost (127.0.0.1) # named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) # y = use default (backwards compatibility) # If this option is commented out, control interface is not included in the # build. @@ -254,11 +265,6 @@ # 35-50 kB in code size. #CONFIG_NO_WPA=y -# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to -# save about 1 kB in code size when building only WPA-Personal (no EAP support) -# or 6 kB if building for WPA-Enterprise. -#CONFIG_NO_WPA2=y - # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support # This option can be used to reduce code size by removing support for # converting ASCII passphrases into PSK. If this functionality is removed, the @@ -302,9 +308,11 @@ # Select event loop implementation # eloop = select() loop (default) # eloop_win = Windows events and WaitForMultipleObject() loop -# eloop_none = Empty template CONFIG_ELOOP=eloop +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap @@ -317,9 +325,7 @@ # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y -# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. +# IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y @@ -337,6 +343,13 @@ # sent prior to negotiating which version will be used) CONFIG_TLSV11=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +CONFIG_TLSV12=y + # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits @@ -402,6 +415,16 @@ # Set syslog facility for debug messages CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Add support for writing debug log to Android logcat instead of standard +# output +#CONFIG_ANDROID_LOG=y + # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y @@ -461,6 +484,14 @@ # IEEE 802.11n (High Throughput) support (mainly for AP mode) CONFIG_IEEE80211N=y +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +# (depends on CONFIG_IEEE80211N) +CONFIG_IEEE80211AC=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +CONFIG_WNM=y + # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks (GAS/ANQP to learn more about the networks and network @@ -467,6 +498,53 @@ # selection based on available credentials). CONFIG_INTERWORKING=y +# Hotspot 2.0 +CONFIG_HS20=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +CONFIG_AP=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +CONFIG_P2P=y + +# Enable TDLS support +CONFIG_TDLS=y + +# Wi-Fi Direct +# This can be used to enable Wi-Fi Direct extensions for P2P using an external +# program to control the additional information exchanges in the messages. +CONFIG_WIFI_DISPLAY=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + # XXX: Debian #650834 CONFIG_BGSCAN_SIMPLE=y @@ -473,12 +551,6 @@ # XXX: Debian #678147 CONFIG_IBSS_RSN=y -# XXX: Wi-Fi P2P support -#CONFIG_P2P=y - -# XXX: Debian #690536 -CONFIG_AP=y - # XXX: Debian #737465 # fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any. This is # already accounted for by the upstream Makefile, however wrongly depending @@ -485,4 +557,3 @@ # on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc # rather than the kernel. LIBS += -ldl - Index: wpa-2.1/debian/config/wpasupplicant/linux =================================================================== --- wpa-2.1/debian/config/wpasupplicant/linux (revision 1862) +++ wpa-2.1/debian/config/wpasupplicant/linux (working copy) @@ -148,10 +148,9 @@ CONFIG_EAP_TTLS=y # EAP-FAST -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) -# to add the needed functions. +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. CONFIG_EAP_FAST=y # EAP-GTC @@ -205,10 +204,15 @@ # Disable credentials for an open network by default when acting as a WPS # registrar. CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +CONFIG_WPS_NFC=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y +# EAP-EKE +CONFIG_EAP_EKE=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -221,6 +225,12 @@ # Enable this if EAP-SIM or EAP-AKA is included CONFIG_PCSC=y +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +CONFIG_HT_OVERRIDES=y + +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +CONFIG_VHT_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -228,6 +238,7 @@ # unix = UNIX domain sockets (default for Linux/*BSD) # udp = UDP sockets using localhost (127.0.0.1) # named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) # y = use default (backwards compatibility) # If this option is commented out, control interface is not included in the # build. @@ -253,11 +264,6 @@ # 35-50 kB in code size. #CONFIG_NO_WPA=y -# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to -# save about 1 kB in code size when building only WPA-Personal (no EAP support) -# or 6 kB if building for WPA-Enterprise. -#CONFIG_NO_WPA2=y - # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support # This option can be used to reduce code size by removing support for # converting ASCII passphrases into PSK. If this functionality is removed, the @@ -301,9 +307,11 @@ # Select event loop implementation # eloop = select() loop (default) # eloop_win = Windows events and WaitForMultipleObject() loop -# eloop_none = Empty template CONFIG_ELOOP=eloop +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap @@ -316,9 +324,7 @@ # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y -# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. +# IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y @@ -336,6 +342,13 @@ # sent prior to negotiating which version will be used) CONFIG_TLSV11=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +CONFIG_TLSV12=y + # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits @@ -401,6 +414,16 @@ # Set syslog facility for debug messages CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +CONFIG_DEBUG_LINUX_TRACING=y + +# Add support for writing debug log to Android logcat instead of standard +# output +#CONFIG_ANDROID_LOG=y + # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y @@ -460,6 +483,14 @@ # IEEE 802.11n (High Throughput) support (mainly for AP mode) CONFIG_IEEE80211N=y +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +# (depends on CONFIG_IEEE80211N) +CONFIG_IEEE80211AC=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +CONFIG_WNM=y + # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks (GAS/ANQP to learn more about the networks and network @@ -466,15 +497,55 @@ # selection based on available credentials). CONFIG_INTERWORKING=y +# Hotspot 2.0 +CONFIG_HS20=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +CONFIG_AP=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +CONFIG_P2P=y + +# Enable TDLS support +CONFIG_TDLS=y + +# Wi-Fi Direct +# This can be used to enable Wi-Fi Direct extensions for P2P using an external +# program to control the additional information exchanges in the messages. +CONFIG_WIFI_DISPLAY=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + # XXX: Debian #650834 CONFIG_BGSCAN_SIMPLE=y # XXX: Debian #678147 CONFIG_IBSS_RSN=y - -# XXX: Wi-Fi P2P support -CONFIG_P2P=y - -# XXX: Debian #690536 -CONFIG_AP=y - Index: wpa-2.1/debian/control =================================================================== --- wpa-2.1/debian/control (revision 1862) +++ wpa-2.1/debian/control (working copy) @@ -13,9 +13,11 @@ libpcsclite-dev, libnl-3-dev (>= 3.2.3-2~) [linux-any], libnl-genl-3-dev (>= 3.2.3-2~) [linux-any], + libnl-route-3-dev (>= 3.2.3-2~) [linux-any], libpcap-dev [kfreebsd-any], libbsd-dev [kfreebsd-any], libreadline-dev, + libsqlite3-dev, pkg-config, qt4-qmake, docbook-to-man, Index: wpa-2.1/debian/patches/13_human_readable_signal.patch =================================================================== --- wpa-2.1/debian/patches/13_human_readable_signal.patch (revision 1862) +++ wpa-2.1/debian/patches/13_human_readable_signal.patch (working copy) @@ -1,162 +0,0 @@ -Description: Display signal strength in dBm with visual indicator in the form - of a bar for scan results displayed by wpa_gui-qt4. Any signal > -35dBm is - treated as full signal bar, signals between range of -95<->-35dBm are - displayed linearly. Convert WEXT signal level value to scale that nl80211 - typically reports in dBm. The condition which differentiates 8-bit WEXT dBm - and regular dBm is probably fragile, but there is currently no way to know - what the driver is going to report for signal strength. - See also: - http://mail.gnome.org/archives/networkmanager-list/2009-November/msg00003.html - http://lists.shmoo.com/pipermail/hostap/2009-April/019682.html -Author: Kel Modderman <k...@otaku42.de> -Bug-Debian: http://bugs.debian.org/630681 ---- ---- a/wpa_supplicant/wpa_gui-qt4/scanresults.cpp -+++ b/wpa_supplicant/wpa_gui-qt4/scanresults.cpp -@@ -15,6 +15,7 @@ - #include <cstdio> - - #include "scanresults.h" -+#include "signalbar.h" - #include "wpagui.h" - #include "networkconfig.h" - -@@ -33,6 +34,7 @@ ScanResults::ScanResults(QWidget *parent - wpagui = NULL; - scanResultsWidget->setItemsExpandable(FALSE); - scanResultsWidget->setRootIsDecorated(FALSE); -+ scanResultsWidget->setItemDelegate(new SignalBar(scanResultsWidget)); - } - - -@@ -91,7 +93,7 @@ void ScanResults::updateResults() - bssid = (*it).mid(pos); - else if ((*it).startsWith("freq=")) - freq = (*it).mid(pos); -- else if ((*it).startsWith("qual=")) -+ else if ((*it).startsWith("level=")) - signal = (*it).mid(pos); - else if ((*it).startsWith("flags=")) - flags = (*it).mid(pos); ---- /dev/null -+++ b/wpa_supplicant/wpa_gui-qt4/signalbar.h -@@ -0,0 +1,34 @@ -+/* -+ * wpa_gui - SignalBar class -+ * Copyright (c) 2011, Kel Modderman <k...@otaku42.de> -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License version 2 as -+ * published by the Free Software Foundation. -+ * -+ * Alternatively, this software may be distributed under the terms of BSD -+ * license. -+ * -+ * See README and COPYING for more details. -+ */ -+ -+#ifndef SIGNALBAR_H -+#define SIGNALBAR_H -+ -+#include <QObject> -+#include <QStyledItemDelegate> -+ -+class SignalBar : public QStyledItemDelegate -+{ -+ Q_OBJECT -+ -+public: -+ SignalBar(QObject *parent = 0); -+ ~SignalBar(); -+ -+ virtual void paint(QPainter *painter, -+ const QStyleOptionViewItem &option, -+ const QModelIndex &index) const ; -+}; -+ -+#endif /* SIGNALBAR_H */ ---- /dev/null -+++ b/wpa_supplicant/wpa_gui-qt4/signalbar.cpp -@@ -0,0 +1,64 @@ -+/* -+ * wpa_gui - SignalBar class -+ * Copyright (c) 2011, Kel Modderman <k...@otaku42.de> -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License version 2 as -+ * published by the Free Software Foundation. -+ * -+ * Alternatively, this software may be distributed under the terms of BSD -+ * license. -+ * -+ * See README and COPYING for more details. -+ */ -+ -+#include <cstdio> -+#include <qapplication.h> -+ -+#include "signalbar.h" -+ -+ -+SignalBar::SignalBar(QObject *parent) -+ : QStyledItemDelegate(parent) -+{ -+} -+ -+ -+SignalBar::~SignalBar() -+{ -+} -+ -+ -+void SignalBar::paint(QPainter *painter, -+ const QStyleOptionViewItem &option, -+ const QModelIndex &index) const -+{ -+ QStyleOptionProgressBar opts; -+ int signal; -+ -+ if (index.column() != 3) { -+ QStyledItemDelegate::paint(painter, option, index); -+ return; -+ } -+ -+ if (index.data().toInt() > 0) -+ signal = 0 - (256 - index.data().toInt()); -+ else -+ signal = index.data().toInt(); -+ -+ opts.minimum = -95; -+ opts.maximum = -35; -+ if (signal < opts.minimum) -+ opts.progress = opts.minimum; -+ else if (signal > opts.maximum) -+ opts.progress = opts.maximum; -+ else -+ opts.progress = signal; -+ -+ opts.text = QString::number(signal) + " dBm"; -+ opts.textVisible = true; -+ opts.rect = option.rect; -+ -+ QApplication::style()->drawControl(QStyle::CE_ProgressBar, -+ &opts, painter); -+} ---- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro -+++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro -@@ -34,6 +34,7 @@ HEADERS += wpamsg.h \ - wpagui.h \ - eventhistory.h \ - scanresults.h \ -+ signalbar.h \ - userdatarequest.h \ - networkconfig.h \ - addinterface.h \ -@@ -44,6 +45,7 @@ SOURCES += main.cpp \ - wpagui.cpp \ - eventhistory.cpp \ - scanresults.cpp \ -+ signalbar.cpp \ - userdatarequest.cpp \ - networkconfig.cpp \ - addinterface.cpp \ Index: wpa-2.1/debian/patches/hostapd_fix-WDS-VLAN-bridge-handling.patch =================================================================== --- wpa-2.1/debian/patches/hostapd_fix-WDS-VLAN-bridge-handling.patch (revision 1862) +++ wpa-2.1/debian/patches/hostapd_fix-WDS-VLAN-bridge-handling.patch (working copy) @@ -1,53 +0,0 @@ -From c34e618d473c2572bf77daedec399e823fe6a262 Mon Sep 17 00:00:00 2001 -From: Felix Fietkau <n...@openwrt.org> -Date: Sat, 15 Sep 2012 22:38:14 -0700 -Subject: [PATCH] hostapd: Fix WDS VLAN bridge handling - -This patch fixes an issue where removing a WDS VLAN interface also -removed the main AP interface from the same bridge. - -Signed-hostap: Felix Fietkau <n...@openwrt.org> ---- - src/drivers/driver_nl80211.c | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - ---- a/src/drivers/driver_nl80211.c -+++ b/src/drivers/driver_nl80211.c -@@ -6528,6 +6528,10 @@ static int i802_set_wds_sta(void *priv, - linux_set_iface_flags(drv->global->ioctl_sock, name, 1); - return i802_set_sta_vlan(priv, addr, name, 0); - } else { -+ if (bridge_ifname) -+ linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, -+ name); -+ - i802_set_sta_vlan(priv, addr, bss->ifname, 0); - return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, - name); -@@ -6886,7 +6890,12 @@ static int wpa_driver_nl80211_if_remove( - if (ifindex <= 0) - return -1; - -+ nl80211_remove_iface(drv, ifindex); -+ - #ifdef HOSTAPD -+ if (type != WPA_IF_AP_BSS) -+ return 0; -+ - if (bss->added_if_into_bridge) { - if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, - bss->ifname) < 0) -@@ -6900,13 +6909,6 @@ static int wpa_driver_nl80211_if_remove( - "bridge %s: %s", - bss->brname, strerror(errno)); - } --#endif /* HOSTAPD */ -- -- nl80211_remove_iface(drv, ifindex); -- --#ifdef HOSTAPD -- if (type != WPA_IF_AP_BSS) -- return 0; - - if (bss != &drv->first_bss) { - struct i802_bss *tbss; Index: wpa-2.1/debian/patches/libnl3-includes.patch =================================================================== --- wpa-2.1/debian/patches/libnl3-includes.patch (revision 1862) +++ wpa-2.1/debian/patches/libnl3-includes.patch (working copy) @@ -10,7 +10,7 @@ ifdef CONFIG_LIBNL32 DRV_LIBS += -lnl-3 DRV_LIBS += -lnl-genl-3 -- DRV_CFLAGS += -DCONFIG_LIBNL20 +- DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3 + DRV_CFLAGS += -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0` else ifdef CONFIG_LIBNL_TINY Index: wpa-2.1/debian/patches/series =================================================================== --- wpa-2.1/debian/patches/series (revision 1862) +++ wpa-2.1/debian/patches/series (working copy) @@ -3,8 +3,6 @@ 06_wpa_gui_menu_exec_path.patch 07_dbus_service_syslog.patch 12_wpa_gui_knotify_support.patch -13_human_readable_signal.patch libnl3-includes.patch wpa_gui_desktop_add-keywords-entry.patch -hostapd_fix-WDS-VLAN-bridge-handling.patch fix-spelling-s-algorith-algorithm.patch
pgpdXfkxfklNP.pgp
Description: PGP signature
