Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
From 5b35128fb6adb1a2e77dba3d569c25af5d236d22 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Fri, 29 May 2020 19:21:39 +0200
Subject: [PATCH] hostapd: backport fixes for multiple SSID at one PHY iface
Fixed invalid mgmt frames at startup
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
---
package/network/services/hostapd/Makefile | 2 +-
...10-move-deauthentication-at-ap-start.patch | 55 +++++++++++++++++++
.../611-ignore-management-frames.patch | 32 +++++++++++
3 files changed, 88 insertions(+), 1 deletion(-)
create mode 100644 package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
create mode 100644 package/network/services/hostapd/patches/611-ignore-management-frames.patch
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 35ce85b3be..7a4e61e932 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
new file mode 100644
index 0000000000..5694d3d5fc
--- /dev/null
+++ b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
@@ -0,0 +1,55 @@
+From c82535edd6bea8a34b711d1f1015ea750b5db9da Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 May 2020 11:38:09 +0300
+Subject: Move deauthentication at AP start to be after beacon configuration
+
+This allows nl80211-based drivers to get the frame out. The old earlier
+location resulted in the driver operation getting rejected before the
+kernel was not ready to transmit the frame in the BSS context of the AP
+interface that has not yet been started.
+
+While getting this broadcast Deauthentication frame transmitted at the
+BSS start is not critical, it is one more chance of getting any
+previously associated station notified of their previous association not
+being valid anymore had they missed previous notifications in cases
+where the AP is stopped and restarted.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/hostapd.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -1179,8 +1179,7 @@ static int hostapd_setup_bss(struct host
+ #endif /* CONFIG_MESH */
+
+ if (flush_old_stations)
+- hostapd_flush_old_stations(hapd,
+- WLAN_REASON_PREV_AUTH_NOT_VALID);
++ hostapd_flush(hapd);
+ hostapd_set_privacy(hapd, 0);
+
+ hostapd_broadcast_wep_clear(hapd);
+@@ -1372,6 +1371,21 @@ static int hostapd_setup_bss(struct host
+ if (!conf->start_disabled && ieee802_11_set_beacon(hapd) < 0)
+ return -1;
+
++ if (flush_old_stations && !conf->start_disabled &&
++ conf->broadcast_deauth) {
++ u8 addr[ETH_ALEN];
++
++ /* Should any previously associated STA not have noticed that
++ * the AP had stopped and restarted, send one more
++ * deauthentication notification now that the AP is ready to
++ * operate. */
++ wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
++ "Deauthenticate all stations at BSS start");
++ os_memset(addr, 0xff, ETH_ALEN);
++ hostapd_drv_sta_deauth(hapd, addr,
++ WLAN_REASON_PREV_AUTH_NOT_VALID);
++ }
++
+ if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
+ return -1;
+
diff --git a/package/network/services/hostapd/patches/611-ignore-management-frames.patch b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
new file mode 100644
index 0000000000..4f960c96c2
--- /dev/null
+++ b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
@@ -0,0 +1,32 @@
+From 5a04a76aa20d32417484e40b878596e5933c645e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 May 2020 12:16:34 +0300
+Subject: Ignore Management frames while AP interface is not fully enabled
+
+It is possible for drivers to report received Management frames while AP
+is going through initial setup (e.g., during ACS or DFS CAC). hostapd
+and the driver is not yet ready for actually sending out responses to
+such frames at this point and as such, it is better to explicitly ignore
+such received frames rather than try to process them and have the
+response (e.g., a Probe Response frame) getting dropped by the driver as
+an invalid or getting out with some incorrect information.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/ieee802_11.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4686,6 +4686,11 @@ int ieee802_11_mgmt(struct hostapd_data
+ return 0;
+ }
+
++ if (hapd->iface->state != HAPD_IFACE_ENABLED) {
++ wpa_printf(MSG_DEBUG, "MGMT: Ignore management frame while interface is not enabled (SA=" MACSTR " DA=" MACSTR " subtype=%u)",
++ MAC2STR(mgmt->sa), MAC2STR(mgmt->da), stype);
++ return 1;
++ }
+
+ if (stype == WLAN_FC_STYPE_PROBE_REQ) {
+ handle_probe_req(hapd, mgmt, len, ssi_signal);
--
2.26.2