[PATCH] hostapd: add option to ignore data frames from unknown stations

2023-01-26 Thread Raphaël Mélotte
Also refresh patches.

Upstream hostapd status:
https://patchwork.ozlabs.org/project/hostap/patch/20230126091539.2325752-1-raphael.melo...@mind.be/

Signed-off-by: Raphaël Mélotte 
---
 ...-ignore-data-frames-from-unknown-sta.patch | 72 +++
 .../hostapd/patches/700-wifi-reload.patch |  2 +-
 .../patches/720-iface_max_num_sta.patch   |  2 +-
 3 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 
package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch

diff --git 
a/package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch
 
b/package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch
new file mode 100644
index 00..931c080a41
--- /dev/null
+++ 
b/package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch
@@ -0,0 +1,72 @@
+From cb949726fc6194c608027f2556c00b262c6b8b34 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rapha=C3=ABl=20M=C3=A9lotte?= 
+Date: Tue, 24 Jan 2023 14:15:09 +0100
+Subject: [PATCH] hostapd: add option to ignore data frames from unknown
+ stations
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When an external process manages hostapd, it can be needed to
+temporarily ignore class 3 frames from unknown stations until hostapd
+can be made aware of the station.
+
+Add a new option that, when set, makes hostapd ignore class 3 frames
+from unknown stations. When the option is not set, the behavior stays
+the same as before (i.e. unknown stations are deauthenticated).
+
+Signed-off-by: Raphaël Mélotte 
+---
+ hostapd/config_file.c | 2 ++
+ hostapd/hostapd.conf  | 5 +
+ src/ap/ap_config.h| 2 ++
+ src/ap/ieee802_11.c   | 2 +-
+ 4 files changed, 10 insertions(+), 1 deletion(-)
+
+--- a/hostapd/config_file.c
 b/hostapd/config_file.c
+@@ -4459,6 +4459,8 @@ static int hostapd_config_fill(struct ho
+   bss->broadcast_deauth = atoi(pos);
+   } else if (os_strcmp(buf, "notify_mgmt_frames") == 0) {
+   bss->notify_mgmt_frames = atoi(pos);
++  } else if (os_strcmp(buf, "no_deauth_unknown_sta") == 0) {
++  bss->no_deauth_unknown_sta = atoi(pos);
+ #ifdef CONFIG_DPP
+   } else if (os_strcmp(buf, "dpp_name") == 0) {
+   os_free(bss->dpp_name);
+--- a/hostapd/hostapd.conf
 b/hostapd/hostapd.conf
+@@ -591,6 +591,11 @@ wmm_ac_vo_acm=0
+ # Default: 0 (disabled)
+ #notify_mgmt_frames=0
+ 
++# Do not deauthenticate unknown stations.
++# This can be used to temporarily ignore data frames from unknown
++# stations, instead of deauthenticating them.
++#no_deauth_unknown_sta=0
++
+ # IEEE 802.11n related configuration 
##
+ 
+ # ieee80211n: Whether IEEE 802.11n (HT) is enabled
+--- a/src/ap/ap_config.h
 b/src/ap/ap_config.h
+@@ -750,6 +750,8 @@ struct hostapd_bss_config {
+ 
+   int broadcast_deauth;
+ 
++  int no_deauth_unknown_sta;
++
+   int notify_mgmt_frames;
+ 
+ #ifdef CONFIG_DPP
+--- a/src/ap/ieee802_11.c
 b/src/ap/ieee802_11.c
+@@ -6964,7 +6964,7 @@ void ieee802_11_rx_from_unknown(struct h
+   hostapd_drv_sta_disassoc(
+   hapd, src,
+   WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
+-  else
++  else if (!hapd->conf->no_deauth_unknown_sta)
+   hostapd_drv_sta_deauth(
+   hapd, src,
+   WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
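Review bot: The hostapd.conf entry for `no_deauth_unknown_sta` does not say what the values mean or what the default is, unlike the `notify_mgmt_frames` entry right above it. It also does not mention that only the deauth branch in ieee802_11_rx_from_unknown() is gated: the `hostapd_drv_sta_disassoc()` call just before the changed `else` still runs. I would extend the comment with `# 0 = deauthenticate unknown stations (default)` and `# 1 = ignore class 3 frames from unknown stations`, plus a line saying the option is meant to be set only for short periods, since a station holding stale association state presumably gets no hint to re-authenticate while it is on. The function body starts outside the hunk, so the condition selecting the disassoc branch is not visible here.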
diff --git a/package/network/services/hostapd/patches/700-wifi-reload.patch 
b/package/network/services/hostapd/patches/700-wifi-reload.patch
index 174127df6e..28916dca7e 100644
--- a/package/network/services/hostapd/patches/700-wifi-reload.patch
+++ b/package/network/services/hostapd/patches/700-wifi-reload.patch
@@ -47,7 +47,7 @@
enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
  
unsigned int logger_syslog; /* module bitfield */
-@@ -969,6 +971,7 @@ struct eht_phy_capabilities_info {
+@@ -971,6 +973,7 @@ struct eht_phy_capabilities_info {
  struct hostapd_config {
struct hostapd_bss_config **bss, *last_bss;
size_t num_bss;
diff --git 
a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch 
b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
index ed76d22dd0..e5d91700af 100644
--- a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
+++ b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
@@ -71,7 +71,7 @@
   " since no room for additional STA",
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -1010,6 +1010,8 @@ struct hostapd_config {
+@@ -1012,6 +1012,8 @@ struct hostapd_config {
unsigned int track_sta_max_num;
unsigned int track_sta_max_age;
  
-- 
2.38.1



[PATCH] hostapd: add support for unicast beacons

2023-01-09 Thread Raphaël Mélotte
Also refresh patches.

Upstream status:
https://patchwork.ozlabs.org/project/hostap/patch/20230105200945.761324-1-raphael.melo...@mind.be/

Signed-off-by: Raphaël Mélotte 
---
 .../620-add-support-for-unicast-beacons.patch | 70 +++
 .../hostapd/patches/700-wifi-reload.patch |  2 +-
 .../patches/720-iface_max_num_sta.patch   |  2 +-
 ...750-qos_map_set_without_interworking.patch |  2 +-
 4 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 
package/network/services/hostapd/patches/620-add-support-for-unicast-beacons.patch

diff --git 
a/package/network/services/hostapd/patches/620-add-support-for-unicast-beacons.patch
 
b/package/network/services/hostapd/patches/620-add-support-for-unicast-beacons.patch
new file mode 100644
index 00..c465b5d577
--- /dev/null
+++ 
b/package/network/services/hostapd/patches/620-add-support-for-unicast-beacons.patch
@@ -0,0 +1,70 @@
+--- a/hostapd/config_file.c
 b/hostapd/config_file.c
+@@ -3399,6 +3399,12 @@ static int hostapd_config_fill(struct ho
+  line);
+   return 1;
+   }
++  } else if (os_strcmp(buf, "beacon_da") == 0) {
++  if (hwaddr_aton(pos, bss->beacon_da)) {
++  wpa_printf(MSG_ERROR, "Line %d: invalid beacon_da item",
++ line);
++  return 1;
++  }
+   } else if (os_strcmp(buf, "use_driver_iface_addr") == 0) {
+   conf->use_driver_iface_addr = atoi(pos);
+   } else if (os_strcmp(buf, "ieee80211w") == 0) {
+--- a/hostapd/ctrl_iface.c
 b/hostapd/ctrl_iface.c
+@@ -1040,6 +1040,14 @@ static int hostapd_ctrl_iface_get_config
+   return pos - buf;
+   pos += ret;
+ 
++  if (!is_zero_ether_addr(hapd->conf->beacon_da)) {
++  ret = os_snprintf(pos, end - pos, "beacon_da=" MACSTR "\n",
++MAC2STR(hapd->conf->beacon_da));
++  if (os_snprintf_error(end - pos, ret))
++  return pos - buf;
++  pos += ret;
++  }
++
+ #ifdef CONFIG_WPS
+   ret = os_snprintf(pos, end - pos, "wps_state=%s\n",
+ hapd->conf->wps_state == 0 ? "disabled" :
+--- a/hostapd/hostapd.conf
 b/hostapd/hostapd.conf
+@@ -94,6 +94,9 @@ ssid=test
+ # UTF-8 SSID: Whether the SSID is to be interpreted using UTF-8 encoding
+ #utf8_ssid=1
+ 
++# Destination address for beacon frames (defaults to broadcast)
++#beacon_da=ff:ff:ff:ff:ff:ff
++
+ # Country code (ISO/IEC 3166-1). Used to set regulatory domain.
+ # Set as needed to indicate country in which device is operating.
+ # This can limit available channels and transmit power.
+--- a/src/ap/ap_config.h
 b/src/ap/ap_config.h
+@@ -470,6 +470,7 @@ struct hostapd_bss_config {
+   struct hostapd_vlan *vlan;
+ 
+   macaddr bssid;
++  macaddr beacon_da;
+ 
+   /*
+* Maximum listen interval that STAs can use when associating with this
+--- a/src/ap/beacon.c
 b/src/ap/beacon.c
+@@ -1595,7 +1595,12 @@ int ieee802_11_build_ap_params(struct ho
+   head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+  WLAN_FC_STYPE_BEACON);
+   head->duration = host_to_le16(0);
+-  os_memset(head->da, 0xff, ETH_ALEN);
++  if (is_zero_ether_addr(hapd->conf->beacon_da) ||
++  is_broadcast_ether_addr(hapd->conf->beacon_da))
++  os_memset(head->da, 0xff, ETH_ALEN);
++  else {
++  os_memcpy(head->da, hapd->conf->beacon_da, ETH_ALEN);
++  }
+ 
+   os_memcpy(head->sa, hapd->own_addr, ETH_ALEN);
+   os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN);
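Review bot: In the beacon.c change the `is_broadcast_ether_addr()` test is redundant, since copying a configured ff:ff:ff:ff:ff:ff yields the same bytes as the memset, and the if/else mixes an unbraced and a braced body. It reads more simply as `if (is_zero_ether_addr(hapd->conf->beacon_da)) os_memset(head->da, 0xff, ETH_ALEN); else os_memcpy(head->da, hapd->conf->beacon_da, ETH_ALEN);`. Separately, the `beacon_da` parser in config_file.c accepts whatever `hwaddr_aton()` can parse, which would include multicast group addresses. The hostapd.conf comment also does not tell the operator that with a unicast destination other stations will presumably stop seeing the beacons; a sentence to that effect would help. Both functions continue outside the hunk.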
diff --git a/package/network/services/hostapd/patches/700-wifi-reload.patch 
b/package/network/services/hostapd/patches/700-wifi-reload.patch
index 174127df6e..da9837d137 100644
--- a/package/network/services/hostapd/patches/700-wifi-reload.patch
+++ b/package/network/services/hostapd/patches/700-wifi-reload.patch
@@ -47,7 +47,7 @@
enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
  
unsigned int logger_syslog; /* module bitfield */
-@@ -969,6 +971,7 @@ struct eht_phy_capabilities_info {
+@@ -970,6 +972,7 @@ struct eht_phy_capabilities_info {
  struct hostapd_config {
struct hostapd_bss_config **bss, *last_bss;
size_t num_bss;
diff --git 
a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch 
b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
index ed76d22dd0..e50965de06 100644
--- a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
+++ b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
@@ -71,7 +71,7 @@
   " since no room for additi

[PATCH] hostapd: fix race condition with wpa_supplicant_prepare_interface()

2022-10-13 Thread Raphaël Mélotte
wpa_supplicant_prepare_interface() manually removes wpa_supplicant's
control interface, by calling wpa_supplicant_teardown_interface().
With the introduction of dynamic wifi configuration in commit
a5bc9787d4ef89c9e2593a191b3c4cf8702b41a3, we now call ubus to add a
new supplicant configuration if there is no wpa_supplicant.ifname
object yet, or if the list of interfaces to configure has changed (see
mac80211.sh).

If the network re-configuration is triggered several times in quick
succession, there are cases where the supplicant ubus object already
exists, so we don't call config_add, but the supplicant control
interface is nevertheless removed (because
wpa_supplicant_prepare_interface() is always called). As a consequence,
the supplicant is left running without a control interface.

One way to reproduce the problem is:
- Configure 1 radio with 2 APs and one station interface.
- Check /var/run/wpa_supplicant: it contains the global interface and
the control interface for our station.
- Use the following command to trigger the bug:
"
/etc/init.d/network restart ; wifi ; sleep 10 ; /etc/init.d/network restart ; 
wifi
"
- Check /var/run/wpa_supplicant/ and see that it only contains the
global interface, no interface is created for our station.

While users are not expected to trigger reconfigurations so quickly,
in practice it might happen due to unfortunate chains of actions. When
this happens, it leaves the supplicant unusable for other processes
that want to use the control interface.

To fix it, remove wpa_supplicant_teardown_interface() entirely. The
config_remove and config_add ubus calls will anyway create and remove
the control interface as needed, so there is no need to remove it
manually.

Signed-off-by: Raphaël Mélotte 
---
 package/network/services/hostapd/files/hostapd.sh | 6 --
 1 file changed, 6 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh 
b/package/network/services/hostapd/files/hostapd.sh
index 7eeb74e984..e20725d62b 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -1196,11 +1196,6 @@ _wpa_supplicant_common() {
_config="${_rpath}-$ifname.conf"
 }
 
-wpa_supplicant_teardown_interface() {
-   _wpa_supplicant_common "$1"
-   rm -rf "$_rpath/$1" "$_config"
-}
-
 wpa_supplicant_prepare_interface() {
local ifname="$1"
_w_driver="$2"
@@ -1245,7 +1240,6 @@ wpa_supplicant_prepare_interface() {
else
[ -e "$multiap_flag_file" ] && rm "$multiap_flag_file"
fi
-   wpa_supplicant_teardown_interface "$ifname"
cat > "$_config" <https://lists.openwrt.org/mailman/listinfo/openwrt-devel


[PATCH v2] hostapd: add fallback for WPS on stations

2021-10-29 Thread Raphaël Mélotte
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.

In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.

To allow both possibilities, the following changes are made:

- Change the "pressed" action to "released", so that we can make use of
the "$SEEN" variable (to know for how long the button was pressed).

- If the button is pressed for less than 3 seconds, keep the original
behavior.

- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.

- Add comments explaining both behaviors.

- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).

This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.

[1]: https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Raphaël Mélotte 
---
Changes v1 -> v2:
- minor comment update.

 .../services/hostapd/files/wps-hotplug.sh | 21 ---
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/package/network/services/hostapd/files/wps-hotplug.sh 
b/package/network/services/hostapd/files/wps-hotplug.sh
index d00939d769..073bdd1868 100644
--- a/package/network/services/hostapd/files/wps-hotplug.sh
+++ b/package/network/services/hostapd/files/wps-hotplug.sh
@@ -38,13 +38,20 @@ wps_catch_credentials() {
done
 }
 
-if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
-   wps_done=0
-   ubusobjs="$( ubus -S list hostapd.* )"
-   for ubusobj in $ubusobjs; do
-   ubus -S call $ubusobj wps_start && wps_done=1
-   done
-   [ $wps_done = 0 ] || return 0
+if [ "$ACTION" = "released" ] && [ "$BUTTON" = "wps" ]; then
+   # If the button was pressed for 3 seconds or more, trigger WPS on
+   # wpa_supplicant only, no matter if hostapd is running or not.  If
+   # was pressed for less than 3 seconds, try triggering on
+   # hostapd. If there is no hostapd instance to trigger it on or WPS
+   # is not enabled on them, trigger it on wpa_supplicant.
+   if [ "$SEEN" -lt 3 ] ; then
+   wps_done=0
+   ubusobjs="$( ubus -S list hostapd.* )"
+   for ubusobj in $ubusobjs; do
+   ubus -S call $ubusobj wps_start && wps_done=1
+   done
+   [ $wps_done = 0 ] || return 0
+   fi
wps_done=0
ubusobjs="$( ubus -S list wpa_supplicant.* )"
for ubusobj in $ubusobjs; do
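Review bot: `[ "$SEEN" -lt 3 ]` returns a non-zero status when `$SEEN` is empty, so the hostapd branch is skipped and the script falls through to the wpa_supplicant trigger, i.e. a missing value is treated like a long press and starts WPS on the station side. Whether the button hotplug environment always sets `SEEN` on release is not visible here, so a default would make the short-press path the fallback: `if [ "${SEEN:-0}" -lt 3 ] ; then`. The moved `ubus -S call $ubusobj wps_start` and `[ $wps_done = 0 ]` lines could also quote their expansions while they are being re-indented. The same applies to the identical hunk in the v1 posting of this patch further down the page. The `if` block continues past the end of the hunk.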
-- 
2.33.0




[PATCH] hostapd: add fallback for WPS on stations

2021-10-22 Thread Raphaël Mélotte
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.

In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.

To allow both possibilities, the following changes are made:

- Change the "pressed" action to "released", so that we can make use of
the "$SEEN" variable (to know for how long the button was pressed).

- If the button is pressed for less than 3 seconds, keep the original
behavior.

- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.

- Add comments explaining both behaviors.

- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).

This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.

[1]: https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Raphaël Mélotte 
---
 .../services/hostapd/files/wps-hotplug.sh | 21 ---
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/package/network/services/hostapd/files/wps-hotplug.sh 
b/package/network/services/hostapd/files/wps-hotplug.sh
index d00939d769..a82beb514a 100644
--- a/package/network/services/hostapd/files/wps-hotplug.sh
+++ b/package/network/services/hostapd/files/wps-hotplug.sh
@@ -38,13 +38,20 @@ wps_catch_credentials() {
done
 }
 
-if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
-   wps_done=0
-   ubusobjs="$( ubus -S list hostapd.* )"
-   for ubusobj in $ubusobjs; do
-   ubus -S call $ubusobj wps_start && wps_done=1
-   done
-   [ $wps_done = 0 ] || return 0
+if [ "$ACTION" = "released" ] && [ "$BUTTON" = "wps" ]; then
+   # If the button is pressed for 3 seconds or more, trigger WPS on
+   # wpa_supplicant only, no matter if hostapd is running or not.  If
+   # it's pressed for less than 3 seconds, try triggering on
+   # hostapd. If there is no hostapd instance to trigger it on or WPS
+   # is not enabled on them, trigger it on wpa_supplicant.
+   if [ "$SEEN" -lt 3 ] ; then
+   wps_done=0
+   ubusobjs="$( ubus -S list hostapd.* )"
+   for ubusobj in $ubusobjs; do
+   ubus -S call $ubusobj wps_start && wps_done=1
+   done
+   [ $wps_done = 0 ] || return 0
+   fi
wps_done=0
ubusobjs="$( ubus -S list wpa_supplicant.* )"
for ubusobj in $ubusobjs; do
-- 
2.33.0

