From 5b35128fb6adb1a2e77dba3d569c25af5d236d22 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Fri, 29 May 2020 19:21:39 +0200
Subject: [PATCH] hostapd: backport fixes for multiple SSID at one PHY iface

Fixed invalid mgmt frames at startup

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
---
 package/network/services/hostapd/Makefile     |  2 +-
 ...10-move-deauthentication-at-ap-start.patch | 55 +++++++++++++++++++
 .../611-ignore-management-frames.patch        | 32 +++++++++++
 3 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
 create mode 100644 package/network/services/hostapd/patches/611-ignore-management-frames.patch

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 35ce85b3be..7a4e61e932 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
new file mode 100644
index 0000000000..5694d3d5fc
--- /dev/null
+++ b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
@@ -0,0 +1,55 @@
+From c82535edd6bea8a34b711d1f1015ea750b5db9da Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 May 2020 11:38:09 +0300
+Subject: Move deauthentication at AP start to be after beacon configuration
+
+This allows nl80211-based drivers to get the frame out. The old earlier
+location resulted in the driver operation getting rejected before the
+kernel was not ready to transmit the frame in the BSS context of the AP
+interface that has not yet been started.
+
+While getting this broadcast Deauthentication frame transmitted at the
+BSS start is not critical, it is one more chance of getting any
+previously associated station notified of their previous association not
+being valid anymore had they missed previous notifications in cases
+where the AP is stopped and restarted.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/hostapd.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -1179,8 +1179,7 @@ static int hostapd_setup_bss(struct host
+ #endif /* CONFIG_MESH */
+ 
+ 	if (flush_old_stations)
+-		hostapd_flush_old_stations(hapd,
+-					   WLAN_REASON_PREV_AUTH_NOT_VALID);
++		hostapd_flush(hapd);
+ 	hostapd_set_privacy(hapd, 0);
+ 
+ 	hostapd_broadcast_wep_clear(hapd);
+@@ -1372,6 +1371,21 @@ static int hostapd_setup_bss(struct host
+ 	if (!conf->start_disabled && ieee802_11_set_beacon(hapd) < 0)
+ 		return -1;
+ 
++	if (flush_old_stations && !conf->start_disabled &&
++	    conf->broadcast_deauth) {
++		u8 addr[ETH_ALEN];
++
++		/* Should any previously associated STA not have noticed that
++		 * the AP had stopped and restarted, send one more
++		 * deauthentication notification now that the AP is ready to
++		 * operate. */
++		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
++			"Deauthenticate all stations at BSS start");
++		os_memset(addr, 0xff, ETH_ALEN);
++		hostapd_drv_sta_deauth(hapd, addr,
++				       WLAN_REASON_PREV_AUTH_NOT_VALID);
++	}
++
+ 	if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
+ 		return -1;
+ 
diff --git a/package/network/services/hostapd/patches/611-ignore-management-frames.patch b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
new file mode 100644
index 0000000000..4f960c96c2
--- /dev/null
+++ b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
@@ -0,0 +1,32 @@
+From 5a04a76aa20d32417484e40b878596e5933c645e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 May 2020 12:16:34 +0300
+Subject: Ignore Management frames while AP interface is not fully enabled
+
+It is possible for drivers to report received Management frames while AP
+is going through initial setup (e.g., during ACS or DFS CAC). hostapd
+and the driver is not yet ready for actually sending out responses to
+such frames at this point and as such, it is better to explicitly ignore
+such received frames rather than try to process them and have the
+response (e.g., a Probe Response frame) getting dropped by the driver as
+an invalid or getting out with some incorrect information.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/ieee802_11.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4686,6 +4686,11 @@ int ieee802_11_mgmt(struct hostapd_data
+ 		return 0;
+ 	}
+ 
++	if (hapd->iface->state != HAPD_IFACE_ENABLED) {
++		wpa_printf(MSG_DEBUG, "MGMT: Ignore management frame while interface is not enabled (SA=" MACSTR " DA=" MACSTR " subtype=%u)",
++			   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), stype);
++		return 1;
++	}
+ 
+ 	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
+ 		handle_probe_req(hapd, mgmt, len, ssi_signal);
-- 
2.26.2