This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 611c2b7103f6921a2cb11be26c799d7613793cfb (commit) via a4cfeae49b531035c17463d2f4ea3db5010bc50a (commit) via 0eec4bbe46752aa732132436cf3aaff58be2e855 (commit) via 3403eb308c7220cde9c08c555c2d263a1f1501d7 (commit) via 5addf347804340cef0808d6fb119b6092244dec6 (commit) via 0c2be650b04ba40a38e51188bce1821808d2e197 (commit) via 14cb18a5395cee2c9ff0ed13afdc5feca8d45514 (commit) from f0b53518e5b74ef7e7b432f1c627772253a5ea3a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 611c2b7103f6921a2cb11be26c799d7613793cfb Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 12 10:43:52 2021 +0000
iw: Update to 5.9
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a4cfeae49b531035c17463d2f4ea3db5010bc50a Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 12 10:40:28 2021 +0000
core154: Ship WiFi changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0eec4bbe46752aa732132436cf3aaff58be2e855 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 6 14:43:14 2021 +0000
wpa_supplicant: Import fresh default configuration
This enables some more features that have been added to wpa_supplicant over time. In our case we need SAE for WPA3 support.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3403eb308c7220cde9c08c555c2d263a1f1501d7 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 6 14:43:13 2021 +0000
wireless client: Try using SHA256 over SHA1 when possible
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5addf347804340cef0808d6fb119b6092244dec6 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jan 6 14:43:12 2021 +0000
wireless client: Add support for WPA3
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0c2be650b04ba40a38e51188bce1821808d2e197 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 12 10:37:17 2021 +0000
core154: Ship setup
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 14cb18a5395cee2c9ff0ed13afdc5feca8d45514 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Jan 9 18:39:00 2021 +0100
setup: move gateway setting to red address setting.
DEFAULT_GATEWAY is used only in RED_STATIC config so it fits better to this menu and is only selectable if red is set to static mode.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/154/filelists/files | 2 + .../{oldcore/121 => core/154}/filelists/iw | 0 .../{oldcore/119 => core/154}/filelists/setup | 0 .../103 => core/154}/filelists/wpa_supplicant | 0 config/wpa_supplicant/config | 475 ++++++++++++++++----- doc/language_issues.de | 2 + doc/language_issues.en | 4 +- doc/language_issues.es | 4 + doc/language_issues.fr | 4 + doc/language_issues.it | 4 + doc/language_issues.nl | 4 + doc/language_issues.pl | 4 + doc/language_issues.ru | 4 + doc/language_issues.tr | 4 + doc/language_missings | 22 + html/cgi-bin/wirelessclient.cgi | 5 +- langs/en/cgi-bin/en.pl | 1 + lfs/iw | 4 +- src/initscripts/system/wlanclient | 21 +- src/setup/netstuff.c | 37 +- src/setup/networking.c | 85 ---- 21 files changed, 472 insertions(+), 214 deletions(-) copy config/rootfiles/{oldcore/121 => core/154}/filelists/iw (100%) copy config/rootfiles/{oldcore/119 => core/154}/filelists/setup (100%) copy config/rootfiles/{oldcore/103 => core/154}/filelists/wpa_supplicant (100%)
Difference in files:
diff --git a/config/rootfiles/core/154/filelists/files b/config/rootfiles/core/154/filelists/files
index 9f0421b5a..524b92b42 100644
--- a/config/rootfiles/core/154/filelists/files
+++ b/config/rootfiles/core/154/filelists/files
@@ -2,6 +2,7 @@ etc/system-release
 etc/issue
 etc/os-release
 etc/rc.d/init.d/unbound
+etc/rc.d/init.d/wlanclient
 opt/pakfire/lib/functions.sh
 srv/web/ipfire/cgi-bin/country.cgi
 srv/web/ipfire/cgi-bin/credits.cgi
@@ -14,6 +15,7 @@ srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/remote.cgi
 srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/wirelessclient.cgi
 usr/local/bin/sshctrl
 var/ipfire/extrahd/bin/extrahd.pl
 var/ipfire/general-functions.pl
diff --git a/config/rootfiles/core/154/filelists/iw b/config/rootfiles/core/154/filelists/iw
new file mode 120000
index 000000000..7c58a2089
--- /dev/null
+++ b/config/rootfiles/core/154/filelists/iw
@@ -0,0 +1 @@
+../../../common/iw
\ No newline at end of file
diff --git a/config/rootfiles/core/154/filelists/setup b/config/rootfiles/core/154/filelists/setup
new file mode 120000
index 000000000..209374bbc
--- /dev/null
+++ b/config/rootfiles/core/154/filelists/setup
@@ -0,0 +1 @@
+../../../common/setup
\ No newline at end of file
diff --git a/config/rootfiles/core/154/filelists/wpa_supplicant b/config/rootfiles/core/154/filelists/wpa_supplicant
new file mode 120000
index 000000000..1d04c03c0
--- /dev/null
+++ b/config/rootfiles/core/154/filelists/wpa_supplicant
@@ -0,0 +1 @@
+../../../common/wpa_supplicant
\ No newline at end of file
diff --git a/config/wpa_supplicant/config b/config/wpa_supplicant/config
index f3e114bfd..d2fed45cd 100644
--- a/config/wpa_supplicant/config
+++ b/config/wpa_supplicant/config
@@ -1,9 +1,9 @@ # Example wpa_supplicant build time configuration # # This file lists the configuration options that are used when building the -# hostapd binary. All lines starting with # are ignored. Configuration option -# lines must be commented out complete, if they are not to be included, i.e., -# just setting VARIABLE=n is not disabling that variable. +# wpa_supplicant binary. All lines starting with # are ignored. Configuration +# option lines must be commented out complete, if they are not to be included, +# i.e., just setting VARIABLE=n is not disabling that variable. # # This file is included in Makefile, so variables like CFLAGS and LIBS can also # be modified from here. In most cases, these lines should use += in order not @@ -20,75 +20,39 @@ # used to fix build issues on such systems (krb5.h not found). #CFLAGS += -I/usr/include/kerberos
-# Example configuration for various cross-compilation platforms - -#### sveasoft (e.g., for Linksys WRT54G) ###################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS += -I../src/include -I../../src/router/openssl/include -#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl -############################################################################### - -#### openwrt (e.g., for Linksys WRT54G) ####################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ -# -I../WRT54GS/release/src/include -#LIBS = -lssl -############################################################################### - - -# Driver interface for Host AP driver -CONFIG_DRIVER_HOSTAP=y - -# Driver interface for Agere driver -#CONFIG_DRIVER_HERMES=y -# Change include directories to match with the local setup -#CFLAGS += -I../../hcf -I../../include -I../../include/hcf -#CFLAGS += -I../../include/wireless - -# Driver interface for madwifi driver -#CONFIG_DRIVER_MADWIFI=y -# Set include directory to the madwifi source tree -#CFLAGS += -I/usr/src/madwifi - -# Driver interface for Prism54 driver -# (Note: Prism54 is not yet supported, i.e., this will not work as-is and is -# for developers only) -CONFIG_DRIVER_PRISM54=y - -# Driver interface for ndiswrapper -CONFIG_DRIVER_NDISWRAPPER=y - -# Driver interface for Atmel driver -CONFIG_DRIVER_ATMEL=y - -# Driver interface for old Broadcom driver -# Please note that the newer Broadcom driver ("hybrid Linux driver") supports -# Linux wireless extensions and does not need (or even work) with the old -# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. 
-#CONFIG_DRIVER_BROADCOM=y -# Example path for wlioctl.h; change to match your configuration -#CFLAGS += -I/opt/WRT54GS/release/src/include - -# Driver interface for Intel ipw2100/2200 driver -CONFIG_DRIVER_IPW=y - -# Driver interface for Ralink driver -CONFIG_DRIVER_RALINK=y - # Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface CONFIG_DRIVER_NL80211=y
+# QCA vendor extensions to nl80211 +#CONFIG_DRIVER_NL80211_QCA=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$<path to libnl include files> +#LIBS += -L$<path to libnl library files> + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y + + # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS #CONFIG_DRIVER_NDIS=y @@ -106,17 +70,27 @@ CONFIG_DRIVER_NL80211=y # wpa_supplicant. # CONFIG_USE_NDISUIO=y
-# Driver interface for development testing -#CONFIG_DRIVER_TEST=y - # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y
+# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5 @@ -135,11 +109,17 @@ CONFIG_EAP_PEAP=y CONFIG_EAP_TTLS=y
# EAP-FAST -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) -# to add the needed functions. -#CONFIG_EAP_FAST=y +CONFIG_EAP_FAST=y + +# EAP-TEAP +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y
# EAP-GTC CONFIG_EAP_GTC=y @@ -150,11 +130,17 @@ CONFIG_EAP_OTP=y # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) #CONFIG_EAP_SIM=y
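Review bot: `CONFIG_EAP_FAST=y` is switched on here without a stated need; the commit message gives SAE for WPA3 as the reason for importing the new defaults. The same applies to `CONFIG_EAP_PWD=y` and `CONFIG_EAP_PAX=y` in the next hunk, to `CONFIG_EAP_SAKE=y`, `CONFIG_EAP_GPSK=y` and `CONFIG_EAP_TNC=y` (which its own comment labels experimental) in the hunk after that, and to `CONFIG_AP=y`, `CONFIG_P2P=y`, `CONFIG_WIFI_DISPLAY=y`, `CONFIG_TDLS=y`, `CONFIG_HS20=y` and `CONFIG_DPP=y` in the last hunk. Each of these compiles in extra handling of frames or EAP messages that arrive before the peer is authenticated, which is attack surface the firewall's wireless client presumably never uses. I would leave them commented out unless wirelessclient.cgi can actually configure them, and list in the commit message which options beyond `CONFIG_SAE=y` and `CONFIG_IEEE80211W=y` are enabled on purpose.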
+# Enable SIM simulator (Milenage) for EAP-SIM +#CONFIG_SIM_SIMULATOR=y + # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y
+# EAP-pwd (secure authentication using only a password) +CONFIG_EAP_PWD=y + # EAP-PAX -#CONFIG_EAP_PAX=y +CONFIG_EAP_PAX=y
# LEAP CONFIG_EAP_LEAP=y @@ -170,22 +156,35 @@ CONFIG_EAP_LEAP=y #CONFIG_USIM_SIMULATOR=y
# EAP-SAKE -#CONFIG_EAP_SAKE=y +CONFIG_EAP_SAKE=y
# EAP-GPSK -#CONFIG_EAP_GPSK=y +CONFIG_EAP_GPSK=y # Include support for optional SHA256 cipher suite in EAP-GPSK -#CONFIG_EAP_GPSK_SHA256=y +CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental) -#CONFIG_EAP_TNC=y +CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS) CONFIG_WPS=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y
# EAP-IKEv2 CONFIG_EAP_IKEV2=y
+# EAP-EKE +#CONFIG_EAP_EKE=y + +# MACsec +CONFIG_MACSEC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -198,13 +197,22 @@ CONFIG_SMARTCARD=y # Enable this if EAP-SIM or EAP-AKA is included #CONFIG_PCSC=y
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +#CONFIG_HT_OVERRIDES=y + +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +#CONFIG_VHT_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli: # unix = UNIX domain sockets (default for Linux/*BSD) # udp = UDP sockets using localhost (127.0.0.1) +# udp6 = UDP IPv6 sockets using localhost (::1) # named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) +# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) # y = use default (backwards compatibility) # If this option is commented out, control interface is not included in the # build. @@ -216,6 +224,10 @@ CONFIG_CTRL_IFACE=y # the resulting binary. #CONFIG_READLINE=y
+# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + # Remove debugging code that is printing out debug message to stdout. # This can be used to reduce the size of the wpa_supplicant considerably # if debugging code is not needed. The size reduction can be around 35% @@ -226,11 +238,6 @@ CONFIG_CTRL_IFACE=y # 35-50 kB in code size. #CONFIG_NO_WPA=y
-# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to -# save about 1 kB in code size when building only WPA-Personal (no EAP support) -# or 6 kB if building for WPA-Enterprise. -#CONFIG_NO_WPA2=y - # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support # This option can be used to reduce code size by removing support for # converting ASCII passphrases into PSK. If this functionality is removed, the @@ -238,12 +245,10 @@ CONFIG_CTRL_IFACE=y # wpa_passphrase). This saves about 0.5 kB in code size. #CONFIG_NO_WPA_PASSPHRASE=y
-# Remove AES extra functions. This can be used to reduce code size by about -# 1.5 kB by removing extra AES modes that are not needed for commonly used -# client configurations (they are needed for some EAP types). -#CONFIG_NO_AES_EXTRAS=y +# Simultaneous Authentication of Equals (SAE), WPA3-Personal +CONFIG_SAE=y
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# Disable scan result processing (ap_scan=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y
@@ -270,7 +275,7 @@ CONFIG_BACKEND=file # main_none = Very basic example (development use only) #CONFIG_MAIN=main
-# Select wrapper for operatins system and C library specific functions +# Select wrapper for operating system and C library specific functions # unix = UNIX/POSIX like systems (default) # win32 = Windows systems # none = Empty template @@ -279,9 +284,17 @@ CONFIG_BACKEND=file # Select event loop implementation # eloop = select() loop (default) # eloop_win = Windows events and WaitForMultipleObject() loop -# eloop_none = Empty template #CONFIG_ELOOP=eloop
+# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + +# Should we use epoll instead of select? Select is used by default. +#CONFIG_ELOOP_EPOLL=y + +# Should we use kqueue instead of select? Select is used by default. +#CONFIG_ELOOP_KQUEUE=y + # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap @@ -291,29 +304,40 @@ CONFIG_BACKEND=file # none = Empty template #CONFIG_L2_PACKET=linux
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y +# Disable Linux packet socket workaround applicable for station interface +# in a bridge for EAPOL frames. This should be uncommented only if the kernel +# is known to not have the regression issue in packet socket behavior with +# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). +#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-# IEEE 802.11w (management frame protection) -# This version is an experimental implementation based on IEEE 802.11w/D1.0 -# draft and is subject to change since the standard has not yet been finalized. -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y +# Support Operating Channel Validation +#CONFIG_OCV=y
# Select TLS implementation # openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) +# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) # none = Empty template #CONFIG_TLS=openssl
-# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +#CONFIG_TLSV12=y + +# Select which ciphers to use by default with OpenSSL if the user does not +# specify them. +#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of @@ -337,8 +361,12 @@ CONFIG_PEERKEY=y #CONFIG_NDIS_EVENTS_INTEGRATED=y #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-# Add support for DBus control interface -#CONFIG_CTRL_IFACE_DBUS=y +# Add support for new DBus control interface +# (fi.w1.wpa_supplicant1) +#CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries. # When this option is enabled, each EAP method can be either included @@ -361,18 +389,26 @@ CONFIG_PEERKEY=y # amount of memory/flash. #CONFIG_DYNAMIC_EAP_METHODS=y
-# Include client MLME (management frame processing). -# This can be used to move MLME processing of Linux mac80211 stack into user -# space. Please note that this is currently only available with -# driver_nl80211.c and only with a modified version of Linux kernel and -# wpa_supplicant. -#CONFIG_CLIENT_MLME=y - -# IEEE Std 802.11r-2008 (Fast BSS Transition) -#CONFIG_IEEE80211R=y +# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode +CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) -#CONFIG_DEBUG_FILE=y +CONFIG_DEBUG_FILE=y + +# Send debug messages to syslog instead of stdout +CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Add support for writing debug log to Android logcat instead of standard +# output +#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y 
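Review bot: `CONFIG_DEBUG_FILE=y` and `CONFIG_DEBUG_SYSLOG=y` are enabled with no note on how the logs are meant to be used. These options only compile in the `-f` and `-s` switches, but wpa_supplicant debug output contains passphrases and keys when the daemon is also started with `-K`, and the comment above the first option names a log path under /tmp. The wlanclient initscript is changed in this push but is not shown in this part of the mail, so it should be checked that it passes neither `-K` nor an `-f` target that other users can read. A one-line comment above the two options stating the intended log destination would record the decision.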
@@ -380,3 +416,210 @@ CONFIG_PEERKEY=y # Enable mitigation against certain attacks against TKIP by delaying Michael # MIC error reports by a random amount of time between 0 and 60 seconds #CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. 
+# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e<entropy file> command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Should we attempt to use the getrandom(2) call that provides more reliable +# yet secure randomness source than /dev/random on Linux 3.17 and newer. +# Requires glibc 2.25 to build, falls back to /dev/random if unavailable. +CONFIG_GETRANDOM=y + +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +CONFIG_IEEE80211AC=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +CONFIG_INTERWORKING=y + +# Hotspot 2.0 +CONFIG_HS20=y + +# Enable interface matching in wpa_supplicant +#CONFIG_MATCH_IFACE=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. 
It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +CONFIG_AP=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +CONFIG_P2P=y + +# Enable TDLS support +CONFIG_TDLS=y + +# Wi-Fi Display +# This can be used to enable Wi-Fi Display extensions for P2P using an external +# program to control the additional information exchanges in the messages. +CONFIG_WIFI_DISPLAY=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +#CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +#CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y + +# Enable Fast Session Transfer (FST) +#CONFIG_FST=y + +# Enable CLI commands for FST testing +#CONFIG_FST_TEST=y + +# OS X builds. This is only for building eapol_test. +#CONFIG_OSX=y + +# Automatic Channel Selection +# This will allow wpa_supplicant to pick the channel automatically when channel +# is set to "0". +# +# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative +# to "channel=0". This would enable us to eventually add other ACS algorithms in +# similar way. 
+# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with +# a newly to create wpa_supplicant.conf variable acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +#CONFIG_ACS=y + +# Support Multi Band Operation +#CONFIG_MBO=y + +# Fast Initial Link Setup (FILS) (IEEE 802.11ai) +#CONFIG_FILS=y +# FILS shared key authentication with PFS +#CONFIG_FILS_SK_PFS=y + +# Support RSN on IBSS networks +# This is needed to be able to use mode=1 network profile with proto=RSN and +# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). +CONFIG_IBSS_RSN=y + +# External PMKSA cache control +# This can be used to enable control interface commands that allow the current +# PMKSA cache entries to be fetched and new entries to be added. +#CONFIG_PMKSA_CACHE_EXTERNAL=y + +# Mesh Networking (IEEE 802.11s) +#CONFIG_MESH=y + +# Background scanning modules +# These can be used to request wpa_supplicant to perform background scanning +# operations for roaming within an ESS (same SSID). See the bgscan parameter in +# the wpa_supplicant.conf file for more details. 
+# Periodic background scans based on signal strength
+CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+CONFIG_DPP=y
+
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current wpa_supplicant
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+#CONFIG_WEP=y
+
+# Remove all TKIP functionality
+# TKIP is an old cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used anymore for anything else than a
+# backwards compatibility option as a group cipher when connecting to APs that
+# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes
+# support for this by default, but that functionality is subject to be removed
+# in the future.
+#CONFIG_NO_TKIP=y
+
+# Enable 802.11w
+CONFIG_IEEE80211W=y
diff --git a/doc/language_issues.de b/doc/language_issues.de
index dfb9e202b..701642df9 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -522,6 +522,7 @@ WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
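Review bot: `#CONFIG_WEP=y` stays commented out in this import, yet the language files later in this mail still list `wlan client encryption wep = WEP` as a UI string. If the packaged wpa_supplicant release honours this build option, an existing WEP profile will stop associating after the update while the UI keeps offering a choice that cannot work. Dropping WEP is the right direction, but the option should be removed or marked unsupported in wirelessclient.cgi in the same series, and the release notes should say so. `#CONFIG_NO_TKIP=y` is also left commented, so TKIP stays available; that fits the mixed-mode rationale in its comment but deserves a line in the commit message.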
@@ -885,6 +886,7 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key
 WARNING: untranslated string: smb daemon = SMB Daemon
 WARNING: untranslated string: user management = User Management
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlanap 802.11w disabled = Disabled
 WARNING: untranslated string: wlanap 802.11w enforced = Enforced
 WARNING: untranslated string: wlanap 802.11w optional = Optional
diff --git a/doc/language_issues.en b/doc/language_issues.en
index a5c881941..08202ebd0 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1367,7 +1367,6 @@ WARNING: untranslated string: openvpn server = OpenVPN server
 WARNING: untranslated string: openvpn subnet is used = The given subnet is used by another OpenVPN server.
 WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: optional at cmd = optional AT command
-WARNING: untranslated string: options = Options
 WARNING: untranslated string: options fw = Firewall Options
 WARNING: untranslated string: orange = ORANGE
 WARNING: untranslated string: organization cant be empty = Organization can't be empty.
@@ -1689,6 +1688,8 @@ WARNING: untranslated string: title = Title
 WARNING: untranslated string: to = To
 WARNING: untranslated string: toggle = pause/resume
 WARNING: untranslated string: toggle enable disable = Enable or disable
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tone = Tone
 WARNING: untranslated string: tone dial = Tone dial:
 WARNING: untranslated string: tor = Tor
@@ -2128,6 +2129,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.es b/doc/language_issues.es
index bff23f3bc..e575904b7 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -470,6 +470,7 @@ WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
 WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -1387,6 +1388,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor = Tor
 WARNING: untranslated string: tor accounting = Accounting
 WARNING: untranslated string: tor accounting bytes = Traffic (read/written)
@@ -1499,6 +1502,7 @@ WARNING: untranslated string: wlan client encryption none = None WARNING: untranslated string: wlan client encryption wep = WEP WARNING: untranslated string: wlan client encryption wpa = WPA WARNING: untranslated string: wlan client encryption wpa2 = WPA2 +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 2989678c1..5ea59cdf0 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -553,6 +553,7 @@ WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled WARNING: translation string unused: openvpn enabled WARNING: translation string unused: optional data +WARNING: translation string unused: options WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or @@ -913,3 +914,6 @@ WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string +WARNING: untranslated string: token = Token: +WARNING: untranslated string: token not set = No Token has been given. +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 diff --git a/doc/language_issues.it b/doc/language_issues.it index aaa96b118..e22de23b1 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -527,6 +527,7 @@ WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled WARNING: translation string unused: openvpn enabled WARNING: translation string unused: optional data +WARNING: translation string unused: options WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or @@ -1147,6 +1148,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: token = Token: +WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor guard country any = Any country WARNING: untranslated string: tor guard nodes = Guard Nodes WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line) @@ -1190,6 +1193,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method WARNING: untranslated string: wlan client eap state = EAP Status WARNING: untranslated string: wlan client encryption eap = EAP +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client password = Password diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 4ab686806..cce487779 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl 
@@ -523,6 +523,7 @@ WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled WARNING: translation string unused: openvpn enabled WARNING: translation string unused: optional data +WARNING: translation string unused: options WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or @@ -1185,6 +1186,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: token = Token: +WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor guard country any = Any country WARNING: untranslated string: tor guard nodes = Guard Nodes WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line) @@ -1230,6 +1233,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method WARNING: untranslated string: wlan client eap state = EAP Status WARNING: untranslated string: wlan client encryption eap = EAP +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client password = Password diff --git a/doc/language_issues.pl b/doc/language_issues.pl index bff23f3bc..e575904b7 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -470,6 +470,7 @@ WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: optional data +WARNING: translation string unused: options WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or @@ -1387,6 +1388,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: token = Token: +WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor = Tor WARNING: untranslated string: tor accounting = Accounting WARNING: untranslated string: tor accounting bytes = Traffic (read/written) @@ -1499,6 +1502,7 @@ WARNING: untranslated string: wlan client encryption none = None WARNING: untranslated string: wlan client encryption wep = WEP WARNING: untranslated string: wlan client encryption wpa = WPA WARNING: untranslated string: wlan client encryption wpa2 = WPA2 +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 0317eba8c..eb4eedec5 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -461,6 +461,7 @@ WARNING: translation string unused: online help en WARNING: translation string unused: only red WARNING: translation string unused: open to all WARNING: translation string unused: optional data +WARNING: translation string unused: options WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or @@ -1380,6 +1381,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2 WARNING: untranslated string: tcp more reliable = TCP (more reliable) WARNING: untranslated string: ten minutes = 10 Minutes WARNING: untranslated string: thirty minutes = 30 Minutes +WARNING: untranslated string: token = Token: +WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor = Tor WARNING: untranslated string: tor accounting = Accounting WARNING: untranslated string: tor accounting bytes = Traffic (read/written) @@ -1492,6 +1495,7 @@ WARNING: untranslated string: wlan client encryption none = None WARNING: untranslated string: wlan client encryption wep = WEP WARNING: untranslated string: wlan client encryption wpa = WPA WARNING: untranslated string: wlan client encryption wpa2 = WPA2 +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 554565f20..9f276edac 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -555,6 +555,7 @@ WARNING: translation string unused: open to all WARNING: translation string unused: openvpn disabled WARNING: translation string unused: openvpn enabled WARNING: translation string unused: optional data +WARNING: translation string unused: options WARNING: translation string unused: optionsfw portlist hint WARNING: translation string unused: optionsfw warning WARNING: translation string unused: or @@ -1047,6 +1048,8 @@ WARNING: untranslated string: strict = Strict WARNING: untranslated string: subnet mask = Subnet Mask WARNING: untranslated string: system is offline = The system is offline. WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2 +WARNING: untranslated string: token = Token: +WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: tor guard country any = Any country WARNING: untranslated string: tor guard nodes = Guard Nodes WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line) @@ -1061,6 +1064,7 @@ WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlanap 802.11w disabled = Disabled WARNING: untranslated string: wlanap 802.11w enforced = Enforced WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_missings b/doc/language_missings index e14cdd000..1956eac48 100644 --- a/doc/language_missings +++ b/doc/language_missings 
@@ -64,6 +64,7 @@ < wlanap 802.11w disabled < wlanap 802.11w enforced < wlanap 802.11w optional +< wlan client encryption wpa3 ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -782,6 +783,8 @@ < ten minutes < teovpn_fragment < thirty minutes +< token +< token not set < tor < tor 0 = disabled < tor accounting @@ -919,6 +922,7 @@ < wlan client encryption wep < wlan client encryption wpa < wlan client encryption wpa2 +< wlan client encryption wpa3 < wlan client group cipher < wlan client group key algorithm < wlan client identity @@ -966,7 +970,10 @@ < dhcp valid range required when deny known clients checked < g.dtm < g.lite +< token +< token not set < upload fcdsl.o +< wlan client encryption wpa3 ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1272,6 +1279,8 @@ < tcp more reliable < ten minutes < thirty minutes +< token +< token not set < tor guard country < tor guard country any < tor guard nodes @@ -1328,6 +1337,7 @@ < wlan client eap phase2 method < wlan client eap state < wlan client encryption eap +< wlan client encryption wpa3 < wlan client identity < wlan client method < wlan client password @@ -1705,6 +1715,8 @@ < ten minutes < teovpn_fragment < thirty minutes +< token +< token not set < tor guard country < tor guard country any < tor guard nodes @@ -1763,6 +1775,7 @@ < wlan client eap phase2 method < wlan client eap state < wlan client encryption eap +< wlan client encryption wpa3 < wlan client identity < wlan client method < wlan client password @@ -2486,6 +2499,8 @@ < ten minutes < teovpn_fragment < thirty minutes +< token +< token not set < tor < tor 0 = disabled < tor accounting 
@@ -2623,6 +2638,7 @@ < wlan client encryption wep < wlan client encryption wpa < wlan client encryption wpa2 +< wlan client encryption wpa3 < wlan client group cipher < wlan client group key algorithm < wlan client identity @@ -3368,6 +3384,8 @@ < ten minutes < teovpn_fragment < thirty minutes +< token +< token not set < tor < tor 0 = disabled < tor accounting @@ -3506,6 +3524,7 @@ < wlan client encryption wep < wlan client encryption wpa < wlan client encryption wpa2 +< wlan client encryption wpa3 < wlan client group cipher < wlan client group key algorithm < wlan client identity @@ -3691,6 +3710,8 @@ < subnet mask < system is offline < taa zombieload2 +< token +< token not set < tor guard country < tor guard country any < tor guard nodes @@ -3716,6 +3737,7 @@ < wlanap neighbor scan < wlanap neighbor scan warning < wlanap ssid +< wlan client encryption wpa3 < working < zoneconf access native < zoneconf access none diff --git a/html/cgi-bin/wirelessclient.cgi b/html/cgi-bin/wirelessclient.cgi index 6978663cf..e8c3c9628 100644 --- a/html/cgi-bin/wirelessclient.cgi +++ b/html/cgi-bin/wirelessclient.cgi @@ -462,6 +462,7 @@ sub showEditBox() { my %selected = (); $selected{'ENCRYPTION'} = (); $selected{'ENCRYPTION'}{'NONE'} = ''; + $selected{'ENCRYPTION'}{'WPA3'} = ''; $selected{'ENCRYPTION'}{'WPA2'} = ''; $selected{'ENCRYPTION'}{'WPA'} = ''; $selected{'ENCRYPTION'}{'WEP'} = ''; 
@@ -505,9 +506,10 @@ sub showEditBox() { <select name='ENCRYPTION'> <option value="NONE" $selected{'ENCRYPTION'}{'NONE'}>$Lang::tr{'wlan client encryption none'}</option> <option value="EAP" $selected{'ENCRYPTION'}{'EAP'}>$Lang::tr{'wlan client encryption eap'}</option> + <option value="WPA3" $selected{'ENCRYPTION'}{'WPA3'}>$Lang::tr{'wlan client encryption wpa3'}</option> <option value="WPA2" $selected{'ENCRYPTION'}{'WPA2'}>$Lang::tr{'wlan client encryption wpa2'}</option> <option value="WPA" $selected{'ENCRYPTION'}{'WPA'}>$Lang::tr{'wlan client encryption wpa'}</option> - <option value="WEP" $selected{'ENCRYPTION'}{'WEP'}>$Lang::tr{'wlan client encryption wep'}</option> + <option value="WEP" $selected{'ENCRYPTION'}{'WEP'}>$Lang::tr{'wlan client encryption wep'}</option> </select> </td> <td colspan="2" width='40%'></td> @@ -839,7 +841,6 @@ sub ValidateInput($) { # Check for invalid key length. } elsif (ValidKeyLength($settings{'ENCRYPTION'}, $settings{'PSK'})) { return "$Lang::tr{'wlan client invalid key length'}"; - }
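Review bot: The new `WPA3` option in the `ENCRYPTION` select is not matched by any change to the validation path in this file's diff: the only hunk in ValidateInput leaves `ValidKeyLength($settings{'ENCRYPTION'}, $settings{'PSK'})` as it was, and ValidKeyLength itself is not shown. If that helper only recognises the existing modes, a WPA3 password would either go unchecked or be held to rules meant for another mode, so it is worth confirming it has a WPA3 case (SAE passwords are not bound to the 8–63 character WPA-PSK passphrase limit). The comment `# Reset WPA mode, if WPA(2) is not selected.` after that hunk raises the same question for the code below it. showEditBox() starts and ends outside the hunk.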
# Reset WPA mode, if WPA(2) is not selected. diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 4d23f7aac..22e8a4cc6 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2951,6 +2951,7 @@ 'wlan client encryption wep' => 'WEP', 'wlan client encryption wpa' => 'WPA', 'wlan client encryption wpa2' => 'WPA2', +'wlan client encryption wpa3' => 'WPA3', 'wlan client group cipher' => 'Group cipher', 'wlan client group key algorithm' => 'GKA', 'wlan client identity' => 'Identity', diff --git a/lfs/iw b/lfs/iw index 279457f53..18cf3a24a 100644 --- a/lfs/iw +++ b/lfs/iw @@ -24,7 +24,7 @@
include Config
-VER = 4.14
+VER = 5.9
THISAPP = iw-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9e6bb70ae4f19283e921fc59c6079556
+$(DL_FILE)_MD5 = 7a47d6f749ec69afcaf351166fd12f6f
install : $(TARGET)
diff --git a/src/initscripts/system/wlanclient b/src/initscripts/system/wlanclient index b32a4cb4a..4b3938b46 100644 --- a/src/initscripts/system/wlanclient +++ b/src/initscripts/system/wlanclient @@ -86,6 +86,7 @@ function wpa_supplicant_config_line() { local config=${2} shift 2
+ local ieee80211w local anonymous_identity local auth_alg local auth_mode @@ -142,17 +143,22 @@ function wpa_supplicant_config_line() {
case "${mode}" in EAP) - key_mgmt="WPA-EAP" + key_mgmt="WPA-EAP-SHA256 WPA-EAP" + ;; + WPA3) + key_mgmt="SAE" + + ieee80211w="2" ;; WPA2) auth_alg="OPEN" proto="RSN" - key_mgmt="WPA-PSK" + key_mgmt="WPA-PSK-SHA256 WPA-PSK" ;; WPA) auth_alg="OPEN" proto="WPA" - key_mgmt="WPA-PSK" + key_mgmt="WPA-PSK-SHA256 WPA-PSK" ;; WEP) auth_alg="SHARED" @@ -209,7 +215,11 @@ function wpa_supplicant_config_line() { echo " key_mgmt=${key_mgmt}" fi if [ -n "${psk}" ]; then - echo " psk="${psk}"" + if [ "${key_mgmt}" = "SAE" ]; then + echo " sae_password="${psk}"" + else + echo " psk="${psk}"" + fi fi if [ -n "${wep_tx_keyidx}" ]; then echo " wep_tx_keyidx=${wep_tx_keyidx}" @@ -227,6 +237,9 @@ function wpa_supplicant_config_line() { if [ -n "${priority}" ]; then echo " priority=${priority}" fi + if [ -n "${ieee80211w}" ]; then + echo " ieee80211w=${ieee80211w}" + fi
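Review bot: The `EAP)`, `WPA2)` and `WPA)` branches of the `case "${mode}"` block now list a SHA256 AKM first, but only the new `WPA3)` branch sets `ieee80211w`. The wpa_supplicant configuration documentation pairs the SHA256 AKMs with `ieee80211w=1` or `2`, and the per-network default is disabled unless the global `pmf` option is set elsewhere, so as far as this hunk shows the SHA1 AKM may still be the one negotiated. Adding `ieee80211w="1"` to the `EAP)` and `WPA2)` branches would make protected management frames optional there and let the SHA256 variant be chosen when the access point offers it. In the `WPA)` branch `proto="WPA"` excludes RSN, so `WPA-PSK-SHA256` probably has no effect there and could be dropped. wpa_supplicant_config_line() starts and ends outside the hunk.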
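Review bot: The new `sae_password` branch in the `psk` block keys on `"${key_mgmt}" = "SAE"`, an exact string match on a value that the other branches of this commit already extend to a list; testing `[ "${mode}" = "WPA3" ]` would keep working if the WPA3 branch later gains a second AKM. The passphrase is written between double quotes as it arrives, and no escaping or character check is visible in this hunk, so a value containing a quote or a line break would produce a malformed network block. That check presumably belongs in the CGI's ValidateInput, which is outside this file. wpa_supplicant_config_line() starts and ends outside the hunk.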
# EAP if [ "${mode}" = "EAP" ]; then diff --git a/src/setup/netstuff.c b/src/setup/netstuff.c index 91604de14..dac407767 100644 --- a/src/setup/netstuff.c +++ b/src/setup/netstuff.c @@ -31,6 +31,7 @@ int scanned_nics_read_done = 0; newtComponent networkform; newtComponent addressentry; newtComponent netmaskentry; +newtComponent gatewayentry; newtComponent statictyperadio; newtComponent dhcptyperadio; newtComponent pppoetyperadio; @@ -53,12 +54,14 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, { char *addressresult; char *netmaskresult; + char *gatewayresult; char *dhcphostnameresult; char *dhcpforcemturesult; struct newtExitStruct es; newtComponent header; newtComponent addresslabel; newtComponent netmasklabel; + newtComponent gatewaylabel; newtComponent dhcphostnamelabel; newtComponent dhcpforcemtulabel; newtComponent ok, cancel; @@ -66,6 +69,7 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, char temp[STRING_SIZE]; char addressfield[STRING_SIZE]; char netmaskfield[STRING_SIZE]; + char gatewayfield[STRING_SIZE]; char typefield[STRING_SIZE]; char dhcphostnamefield[STRING_SIZE]; char dhcpforcemtufield[STRING_SIZE]; @@ -80,12 +84,13 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, /* Build some key strings. */ sprintf(addressfield, "%s_ADDRESS", colour); sprintf(netmaskfield, "%s_NETMASK", colour); + sprintf(gatewayfield, "DEFAULT_GATEWAY"); sprintf(typefield, "%s_TYPE", colour); sprintf(dhcphostnamefield, "%s_DHCP_HOSTNAME", colour); sprintf(dhcpforcemtufield, "%s_DHCP_FORCE_MTU", colour); sprintf(message, _("Interface - %s"), colour); - newtCenteredWindow(44, (typeflag ? 18 : 12), message); + newtCenteredWindow(44, (typeflag ? 19 : 12), message); networkform = newtForm(NULL, NULL, 0);
@@ -129,6 +134,18 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, newtEntrySetFlags(dhcphostnameentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); newtEntrySetFlags(dhcpforcemtuentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); } + /* Gateway */ + gatewaylabel = newtTextbox(2, (typeflag ? 11 : 4) + 2, 18, 1, 0); + newtTextboxSetText(gatewaylabel, _("Gateway:")); + strcpy(temp, ""); + findkey(kv, gatewayfield, temp); + gatewayentry = newtEntry(20, (typeflag ? 11 : 4) + 2, temp, 20, &gatewayresult, 0); + newtEntrySetFilter(gatewayentry, ip_input_filter, NULL); + if (typeflag == 1 && startstatictype == 0) + newtEntrySetFlags(gatewayentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); + newtFormAddComponent(networkform, gatewaylabel); + newtFormAddComponent(networkform, gatewayentry); + } /* Address */ addresslabel = newtTextbox(2, (typeflag ? 11 : 4) + 0, 18, 1, 0); @@ -154,9 +171,10 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, newtFormAddComponent(networkform, netmasklabel); newtFormAddComponent(networkform, netmaskentry);
+ /* Buttons. */ - ok = newtButton(8, (typeflag ? 14 : 7), _("OK")); - cancel = newtButton(26, (typeflag ? 14 : 7), _("Cancel")); + ok = newtButton(8, (typeflag ? 15 : 7), _("OK")); + cancel = newtButton(26, (typeflag ? 15 : 7), _("Cancel"));
newtFormAddComponents(networkform, ok, cancel, NULL);
@@ -191,6 +209,13 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, strcat(message, "\n"); error = 1; } + if (typeflag && (inet_addr(gatewayresult) == INADDR_NONE)) + { + strcat(message, _("Gateway")); + strcat(message, "\n"); + error = 1; + } + } if (strcmp(type, "DHCP") == 0) { @@ -214,13 +239,15 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, { replacekeyvalue(kv, addressfield, "0.0.0.0"); replacekeyvalue(kv, netmaskfield, "0.0.0.0"); + replacekeyvalue(kv, gatewayfield, "0.0.0.0"); } else { replacekeyvalue(kv, addressfield, addressresult); replacekeyvalue(kv, netmaskfield, netmaskresult); + replacekeyvalue(kv, gatewayfield, gatewayresult); } - replacekeyvalue(kv, typefield, type); + replacekeyvalue(kv, typefield, type); } else { @@ -311,11 +338,13 @@ void networkdialogcallbacktype(newtComponent cm, void *data) { newtEntrySetFlags(addressentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); newtEntrySetFlags(netmaskentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); + newtEntrySetFlags(gatewayentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); } else { newtEntrySetFlags(addressentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_RESET); newtEntrySetFlags(netmaskentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_RESET); + newtEntrySetFlags(gatewayentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_RESET); } if (strcmp(type, "DHCP") == 0) { diff --git a/src/setup/networking.c b/src/setup/networking.c index 97d58f724..9dd5205e5 100644 --- a/src/setup/networking.c +++ b/src/setup/networking.c @@ -51,7 +51,6 @@ int drivermenu(void); int changedrivers(void); int greenaddressmenu(void); int addressesmenu(void); -int gatewaymenu(void);
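Review bot: The added gateway check in the validation block uses `inet_addr(gatewayresult) == INADDR_NONE`, which accepts shorthand and non-decimal forms such as `10.1` and cannot tell a parse failure from `255.255.255.255`; the accepted string is then stored verbatim as DEFAULT_GATEWAY by the `replacekeyvalue(kv, gatewayfield, gatewayresult)` line in the next hunk. A strict dotted-quad test would be `struct in_addr gw;` with `if (typeflag && inet_pton(AF_INET, gatewayresult, &gw) != 1)`. An empty field also fails this test, so the gateway becomes mandatory here whereas the removed gatewaymenu() skipped validation for an empty value; if that is intended, a short comment saying so would help. changeaddress() starts and ends outside the hunk.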
int handlenetworking(void) { @@ -83,10 +82,6 @@ int handlenetworking(void) addressesmenu(); break; - case 4: - gatewaymenu(); - break; - case 0: if (oktoleave()) done = 1; break; @@ -215,18 +210,6 @@ int oktoleave(void) return 0; } } - - strcpy(temp, ""); findkey(kv, "RED_TYPE", temp); - if ((configtype == 0) || (strcmp(temp, "STATIC") == 0)) - { - strcpy(temp, ""); findkey(kv, "DEFAULT_GATEWAY", temp); - if (!(strlen(temp))) - { - errorbox(_("Missing Default Gateway.")); - freekeyvalues(kv); - return 0; - } - } return 1; }
@@ -238,7 +221,6 @@ int firstmenu(void) _("Network configuration type"), _("Drivers and card assignments"), _("Address settings"), - _("Gateway settings"), NULL }; int rc; @@ -695,70 +677,3 @@ int addressesmenu(void) return 0; } - -/* default gateway.... */ -int gatewaymenu(void) -{ - struct keyvalue *kv = initkeyvalues(); - char message[1000]; - char temp[STRING_SIZE] = "0"; - struct newtWinEntry entries[2]; - char* values[1]; /* pointers for the values. */ - int error; - int configtype; - int rc; - - if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))) - { - freekeyvalues(kv); - errorbox(_("Unable to open settings file")); - return 0; - } - - entries[0].text = _("Default gateway:"); - strcpy(temp, ""); findkey(kv, "DEFAULT_GATEWAY", temp); - values[0] = strdup(temp); - entries[0].value = &values[0]; - entries[0].flags = 0; - - entries[1].text = NULL; - entries[1].value = NULL; - entries[1].flags = 0; - - do - { - error = 0; - - rc = newtWinEntries(_("Gateway settings"), - _("Enter the gateway information. " - "These settings are used only with Static IP on the RED interface."), - 50, 5, 5, 18, entries, _("OK"), _("Cancel"), NULL); - if (rc == 0 || rc == 1) - { - if (strlen(values[0])) - { - if (inet_addr(values[0]) == INADDR_NONE) - { - strcat(message, _("Default gateway")); - strcat(message, "\n"); - error = 1; - } - } - - if (error) - errorbox(message); - else - { - replacekeyvalue(kv, "DEFAULT_GATEWAY", values[0]); - netaddresschange = 1; - free(values[0]); - writekeyvalues(kv, CONFIG_ROOT "/ethernet/settings"); - } - } - } - while (error); - - freekeyvalues(kv); - - return 1; -}
hooks/post-receive -- IPFire 2.x development tree