From 5b35128fb6adb1a2e77dba3d569c25af5d236d22 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer <pepe.schlehofer@gmail.com> Date: Fri, 29 May 2020 19:21:39 +0200 Subject: [PATCH] hostapd: backport fixes for multiple SSID at one PHY iface Fixed invalid mgmt frames at startup Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> --- package/network/services/hostapd/Makefile | 2 +- ...10-move-deauthentication-at-ap-start.patch | 55 +++++++++++++++++++ .../611-ignore-management-frames.patch | 32 +++++++++++ 3 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch create mode 100644 package/network/services/hostapd/patches/611-ignore-management-frames.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 35ce85b3be..7a4e61e932 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git diff --git a/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch new file mode 100644 index 0000000000..5694d3d5fc --- /dev/null +++ b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch @@ -0,0 +1,55 @@ +From c82535edd6bea8a34b711d1f1015ea750b5db9da Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 16 May 2020 11:38:09 +0300 +Subject: Move deauthentication at AP start to be after beacon configuration + +This allows nl80211-based drivers to get the frame out. The old earlier +location resulted in the driver operation getting rejected before the +kernel was not ready to transmit the frame in the BSS context of the AP +interface that has not yet been started. + +While getting this broadcast Deauthentication frame transmitted at the +BSS start is not critical, it is one more chance of getting any +previously associated station notified of their previous association not +being valid anymore had they missed previous notifications in cases +where the AP is stopped and restarted. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/ap/hostapd.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +--- a/src/ap/hostapd.c ++++ b/src/ap/hostapd.c +@@ -1179,8 +1179,7 @@ static int hostapd_setup_bss(struct host + #endif /* CONFIG_MESH */ + + if (flush_old_stations) +- hostapd_flush_old_stations(hapd, +- WLAN_REASON_PREV_AUTH_NOT_VALID); ++ hostapd_flush(hapd); + hostapd_set_privacy(hapd, 0); + + hostapd_broadcast_wep_clear(hapd); +@@ -1372,6 +1371,21 @@ static int hostapd_setup_bss(struct host + if (!conf->start_disabled && ieee802_11_set_beacon(hapd) < 0) + return -1; + ++ if (flush_old_stations && !conf->start_disabled && ++ conf->broadcast_deauth) { ++ u8 addr[ETH_ALEN]; ++ ++ /* Should any previously associated STA not have noticed that ++ * the AP had stopped and restarted, send one more ++ * deauthentication notification now that the AP is ready to ++ * operate. */ ++ wpa_dbg(hapd->msg_ctx, MSG_DEBUG, ++ "Deauthenticate all stations at BSS start"); ++ os_memset(addr, 0xff, ETH_ALEN); ++ hostapd_drv_sta_deauth(hapd, addr, ++ WLAN_REASON_PREV_AUTH_NOT_VALID); ++ } ++ + if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0) + return -1; + diff --git a/package/network/services/hostapd/patches/611-ignore-management-frames.patch b/package/network/services/hostapd/patches/611-ignore-management-frames.patch new file mode 100644 index 0000000000..4f960c96c2 --- /dev/null +++ b/package/network/services/hostapd/patches/611-ignore-management-frames.patch @@ -0,0 +1,32 @@ +From 5a04a76aa20d32417484e40b878596e5933c645e Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 16 May 2020 12:16:34 +0300 +Subject: Ignore Management frames while AP interface is not fully enabled + +It is possible for drivers to report received Management frames while AP +is going through initial setup (e.g., during ACS or DFS CAC). hostapd +and the driver is not yet ready for actually sending out responses to +such frames at this point and as such, it is better to explicitly ignore +such received frames rather than try to process them and have the +response (e.g., a Probe Response frame) getting dropped by the driver as +an invalid or getting out with some incorrect information. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/ap/ieee802_11.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -4686,6 +4686,11 @@ int ieee802_11_mgmt(struct hostapd_data + return 0; + } + ++ if (hapd->iface->state != HAPD_IFACE_ENABLED) { ++ wpa_printf(MSG_DEBUG, "MGMT: Ignore management frame while interface is not enabled (SA=" MACSTR " DA=" MACSTR " subtype=%u)", ++ MAC2STR(mgmt->sa), MAC2STR(mgmt->da), stype); ++ return 1; ++ } + + if (stype == WLAN_FC_STYPE_PROBE_REQ) { + handle_probe_req(hapd, mgmt, len, ssi_signal); -- 2.26.2