Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
From 5b35128fb6adb1a2e77dba3d569c25af5d236d22 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Fri, 29 May 2020 19:21:39 +0200
Subject: [PATCH] hostapd: backport fixes for multiple SSID at one PHY iface
Fixed invalid mgmt frames at startup
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
---
...10-move-deauthentication-at-ap-start.patch | 55 +++++++++++++++++++
.../611-ignore-management-frames.patch | 32 +++++++++++
3 files changed, 88 insertions(+), 1 deletion(-)
create mode 100644 package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
create mode 100644 package/network/services/hostapd/patches/611-ignore-management-frames.patch
diff --git a/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
new file mode 100644
index 0000000000..5694d3d5fc
--- /dev/null
+++ b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
@@ -0,0 +1,55 @@
+From c82535edd6bea8a34b711d1f1015ea750b5db9da Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 May 2020 11:38:09 +0300
+Subject: Move deauthentication at AP start to be after beacon configuration
+
+This allows nl80211-based drivers to get the frame out. The old earlier
+location resulted in the driver operation getting rejected before the
+kernel was not ready to transmit the frame in the BSS context of the AP
+interface that has not yet been started.
+
+While getting this broadcast Deauthentication frame transmitted at the
+BSS start is not critical, it is one more chance of getting any
+previously associated station notified of their previous association not
+being valid anymore had they missed previous notifications in cases
+where the AP is stopped and restarted.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/hostapd.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -1179,8 +1179,7 @@ static int hostapd_setup_bss(struct host
+ #endif /* CONFIG_MESH */
+
+ if (flush_old_stations)
+- hostapd_flush_old_stations(hapd,
+- WLAN_REASON_PREV_AUTH_NOT_VALID);
++ hostapd_flush(hapd);
+ hostapd_set_privacy(hapd, 0);
+
+ hostapd_broadcast_wep_clear(hapd);
+@@ -1372,6 +1371,21 @@ static int hostapd_setup_bss(struct host
+ if (!conf->start_disabled && ieee802_11_set_beacon(hapd) < 0)
+ return -1;
+
++ if (flush_old_stations && !conf->start_disabled &&
++ conf->broadcast_deauth) {
++ u8 addr[ETH_ALEN];
++
++ /* Should any previously associated STA not have noticed that
++ * the AP had stopped and restarted, send one more
++ * deauthentication notification now that the AP is ready to
++ * operate. */
++ wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
++ "Deauthenticate all stations at BSS start");
++ os_memset(addr, 0xff, ETH_ALEN);
++ hostapd_drv_sta_deauth(hapd, addr,
++ WLAN_REASON_PREV_AUTH_NOT_VALID);
++ }
++
+ if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
+ return -1;
+
diff --git a/package/network/services/hostapd/patches/611-ignore-management-frames.patch b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
new file mode 100644
index 0000000000..4f960c96c2
--- /dev/null
+++ b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
@@ -0,0 +1,32 @@
+From 5a04a76aa20d32417484e40b878596e5933c645e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 May 2020 12:16:34 +0300
+Subject: Ignore Management frames while AP interface is not fully enabled
+
+It is possible for drivers to report received Management frames while AP
+is going through initial setup (e.g., during ACS or DFS CAC). hostapd
+and the driver is not yet ready for actually sending out responses to
+such frames at this point and as such, it is better to explicitly ignore
+such received frames rather than try to process them and have the
+response (e.g., a Probe Response frame) getting dropped by the driver as
+an invalid or getting out with some incorrect information.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/ieee802_11.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4686,6 +4686,11 @@ int ieee802_11_mgmt(struct hostapd_data
+ return 0;
+ }
+
++ if (hapd->iface->state != HAPD_IFACE_ENABLED) {
++ wpa_printf(MSG_DEBUG, "MGMT: Ignore management frame while interface is not enabled (SA=" MACSTR " DA=" MACSTR " subtype=%u)",
++ MAC2STR(mgmt->sa), MAC2STR(mgmt->da), stype);
++ return 1;
++ }
+
+ if (stype == WLAN_FC_STYPE_PROBE_REQ) {
+ handle_probe_req(hapd, mgmt, len, ssi_signal);
--
2.26.2