include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=4
+PKG_RELEASE:=1
PKG_SOURCE_URL:=https://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2024-03-09
-PKG_SOURCE_VERSION:=695277a5b3da08b9a8a4e7117b933deb8b4950a7
-PKG_MIRROR_HASH:=57b8e64d24707e37e0df3359cee15dd5184b824b8622568833a5b8a0cae163ae
+PKG_SOURCE_DATE:=2024-07-20
+PKG_SOURCE_VERSION:=d945ddd368085f255e68328f2d3b020ceea359af
+PKG_MIRROR_HASH:=647508a242f2969d8a815edb69d47b107f10d2415604e44b0451c48875ae46bd
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2698,7 +2698,7 @@ static int drv_supports_vht(struct wpa_s
+@@ -2809,7 +2809,7 @@ static int drv_supports_vht(struct wpa_s
}
{
int i;
-@@ -2707,7 +2707,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+@@ -2818,7 +2818,10 @@ static bool ibss_mesh_is_80mhz_avail(int
chan = hw_get_channel_chan(mode, i, NULL);
if (!chan ||
return false;
}
-@@ -2834,7 +2837,7 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2945,7 +2948,7 @@ static void ibss_mesh_select_40mhz(struc
const struct wpa_ssid *ssid,
struct hostapd_hw_modes *mode,
struct hostapd_freq_params *freq,
int chan_idx;
struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
int i, res;
-@@ -2858,8 +2861,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2969,8 +2972,11 @@ static void ibss_mesh_select_40mhz(struc
return;
/* Check primary channel flags */
#ifdef CONFIG_HT_OVERRIDES
if (ssid->disable_ht40)
-@@ -2885,8 +2891,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2996,8 +3002,11 @@ static void ibss_mesh_select_40mhz(struc
return;
/* Check secondary channel flags */
if (ht40 == -1) {
if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2940,7 +2949,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3052,7 +3061,7 @@ static bool ibss_mesh_select_80_160mhz(s
const struct wpa_ssid *ssid,
struct hostapd_hw_modes *mode,
struct hostapd_freq_params *freq,
static const int bw80[] = {
5180, 5260, 5500, 5580, 5660, 5745, 5825,
5955, 6035, 6115, 6195, 6275, 6355, 6435,
-@@ -2985,7 +2994,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3097,7 +3106,7 @@ static bool ibss_mesh_select_80_160mhz(s
goto skip_80mhz;
/* Use 40 MHz if channel not usable */
goto skip_80mhz;
chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -2999,7 +3008,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3111,7 +3120,7 @@ static bool ibss_mesh_select_80_160mhz(s
if ((mode->he_capab[ieee80211_mode].phy_cap[
HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
for (j = 0; j < ARRAY_SIZE(bw160); j++) {
if (freq->freq == bw160[j]) {
chwidth = CONF_OPER_CHWIDTH_160MHZ;
-@@ -3027,10 +3036,12 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3139,10 +3148,12 @@ static bool ibss_mesh_select_80_160mhz(s
if (!chan)
continue;
/* Found a suitable second segment for 80+80 */
chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
-@@ -3085,6 +3096,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- int i, obss_scan = 1;
+@@ -3197,6 +3208,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ int obss_scan = 1;
u8 channel;
bool is_6ghz, is_24ghz;
+ bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
freq->freq = ssid->frequency;
-@@ -3133,9 +3145,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3239,9 +3251,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
freq->channel = channel;
/* Setup higher BW only for 5 GHz */
if (mode->mode == HOSTAPD_MODE_IEEE80211A) {
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
-@@ -17,6 +17,7 @@
+@@ -18,6 +18,7 @@
#include "ap_drv_ops.h"
#include "drivers/driver.h"
#include "dfs.h"
enum dfs_channel_type {
-@@ -526,9 +527,14 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -527,9 +528,14 @@ dfs_get_valid_channel(struct hostapd_ifa
int num_available_chandefs;
int chan_idx, chan_idx2;
int sec_chan_idx_80p80 = -1;
wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
*secondary_channel = 0;
*oper_centr_freq_seg0_idx = 0;
-@@ -548,8 +554,20 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -549,8 +555,20 @@ dfs_get_valid_channel(struct hostapd_ifa
if (num_available_chandefs == 0)
return NULL;
chan_idx, num_available_chandefs);
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -11195,6 +11195,10 @@ static int nl80211_switch_channel(void *
+@@ -11306,6 +11306,10 @@ static int nl80211_switch_channel(void *
if (ret)
goto error;
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -4659,6 +4659,13 @@ static int add_associated_sta(struct hos
+@@ -4756,6 +4756,13 @@ static int add_associated_sta(struct hos
* drivers to accept the STA parameter configuration. Since this is
* after a new FT-over-DS exchange, a new TK has been derived, so key
* reinstallation is not a concern for this case.
*/
wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
" (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -4672,7 +4679,8 @@ static int add_associated_sta(struct hos
+@@ -4769,7 +4776,8 @@ static int add_associated_sta(struct hos
(!(sta->flags & WLAN_STA_AUTHORIZED) ||
(reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
(!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 28 Jul 2021 05:43:29 +0200
-Subject: [PATCH] ndisc_snoop: call dl_list_del before freeing ipv6 addresses
-
-Fixes a segmentation fault on sta disconnect
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/ap/ndisc_snoop.c
-+++ b/src/ap/ndisc_snoop.c
-@@ -61,6 +61,7 @@ void sta_ip6addr_del(struct hostapd_data
- dl_list_for_each_safe(ip6addr, prev, &sta->ip6addr, struct ip6addr,
- list) {
- hostapd_drv_br_delete_ip_neigh(hapd, 6, (u8 *) &ip6addr->addr);
-+ dl_list_del(&ip6addr->list);
- os_free(ip6addr);
- }
- }
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 28 Jul 2021 05:49:46 +0200
-Subject: [PATCH] driver_nl80211: rewrite neigh code to not depend on
- libnl3-route
-
-Removes an unnecessary dependency and also makes the code smaller
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -18,9 +18,6 @@
- #include <netlink/genl/genl.h>
- #include <netlink/genl/ctrl.h>
- #include <netlink/genl/family.h>
--#ifdef CONFIG_LIBNL3_ROUTE
--#include <netlink/route/neighbour.h>
--#endif /* CONFIG_LIBNL3_ROUTE */
- #include <linux/rtnetlink.h>
- #include <netpacket/packet.h>
- #include <linux/errqueue.h>
-@@ -5859,26 +5856,29 @@ fail:
-
- static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
- {
--#ifdef CONFIG_LIBNL3_ROUTE
- struct wpa_driver_nl80211_data *drv = bss->drv;
-- struct rtnl_neigh *rn;
-- struct nl_addr *nl_addr;
-+ struct ndmsg nhdr = {
-+ .ndm_state = NUD_PERMANENT,
-+ .ndm_ifindex = bss->ifindex,
-+ .ndm_family = AF_BRIDGE,
-+ };
-+ struct nl_msg *msg;
- int err;
-
-- rn = rtnl_neigh_alloc();
-- if (!rn)
-+ msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
-+ if (!msg)
- return;
-
-- rtnl_neigh_set_family(rn, AF_BRIDGE);
-- rtnl_neigh_set_ifindex(rn, bss->ifindex);
-- nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
-- if (!nl_addr) {
-- rtnl_neigh_put(rn);
-- return;
-- }
-- rtnl_neigh_set_lladdr(rn, nl_addr);
-+ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
-+ goto errout;
-+
-+ if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
-+ goto errout;
-+
-+ if (nl_send_auto_complete(drv->rtnl_sk, msg) < 0)
-+ goto errout;
-
-- err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
-+ err = nl_wait_for_ack(drv->rtnl_sk);
- if (err < 0) {
- wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
- MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
-@@ -5888,9 +5888,8 @@ static void rtnl_neigh_delete_fdb_entry(
- MACSTR, MAC2STR(addr));
- }
-
-- nl_addr_put(nl_addr);
-- rtnl_neigh_put(rn);
--#endif /* CONFIG_LIBNL3_ROUTE */
-+errout:
-+ nlmsg_free(msg);
- }
-
-
-@@ -8615,7 +8614,6 @@ static void *i802_init(struct hostapd_da
- (params->num_bridge == 0 || !params->bridge[0]))
- add_ifidx(drv, br_ifindex, drv->ifindex);
-
--#ifdef CONFIG_LIBNL3_ROUTE
- if (bss->added_if_into_bridge || bss->already_in_bridge) {
- int err;
-
-@@ -8632,7 +8630,6 @@ static void *i802_init(struct hostapd_da
- goto failed;
- }
- }
--#endif /* CONFIG_LIBNL3_ROUTE */
-
- if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
- wpa_printf(MSG_DEBUG,
-@@ -12071,13 +12068,14 @@ static int wpa_driver_br_add_ip_neigh(vo
- const u8 *ipaddr, int prefixlen,
- const u8 *addr)
- {
--#ifdef CONFIG_LIBNL3_ROUTE
- struct i802_bss *bss = priv;
- struct wpa_driver_nl80211_data *drv = bss->drv;
-- struct rtnl_neigh *rn;
-- struct nl_addr *nl_ipaddr = NULL;
-- struct nl_addr *nl_lladdr = NULL;
-- int family, addrsize;
-+ struct ndmsg nhdr = {
-+ .ndm_state = NUD_PERMANENT,
-+ .ndm_ifindex = bss->br_ifindex,
-+ };
-+ struct nl_msg *msg;
-+ int addrsize;
- int res;
-
- if (!ipaddr || prefixlen == 0 || !addr)
-@@ -12096,85 +12094,66 @@ static int wpa_driver_br_add_ip_neigh(vo
- }
-
- if (version == 4) {
-- family = AF_INET;
-+ nhdr.ndm_family = AF_INET;
- addrsize = 4;
- } else if (version == 6) {
-- family = AF_INET6;
-+ nhdr.ndm_family = AF_INET6;
- addrsize = 16;
- } else {
- return -EINVAL;
- }
-
-- rn = rtnl_neigh_alloc();
-- if (rn == NULL)
-+ msg = nlmsg_alloc_simple(RTM_NEWNEIGH, NLM_F_CREATE);
-+ if (!msg)
- return -ENOMEM;
-
-- /* set the destination ip address for neigh */
-- nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
-- if (nl_ipaddr == NULL) {
-- wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
-- res = -ENOMEM;
-+ res = -ENOMEM;
-+ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
- goto errout;
-- }
-- nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
-- res = rtnl_neigh_set_dst(rn, nl_ipaddr);
-- if (res) {
-- wpa_printf(MSG_DEBUG,
-- "nl80211: neigh set destination addr failed");
-+
-+ if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
- goto errout;
-- }
-
-- /* set the corresponding lladdr for neigh */
-- nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
-- if (nl_lladdr == NULL) {
-- wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
-- res = -ENOMEM;
-+ if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
- goto errout;
-- }
-- rtnl_neigh_set_lladdr(rn, nl_lladdr);
-
-- rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
-- rtnl_neigh_set_state(rn, NUD_PERMANENT);
-+ res = nl_send_auto_complete(drv->rtnl_sk, msg);
-+ if (res < 0)
-+ goto errout;
-
-- res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
-+ res = nl_wait_for_ack(drv->rtnl_sk);
- if (res) {
- wpa_printf(MSG_DEBUG,
- "nl80211: Adding bridge ip neigh failed: %s",
- nl_geterror(res));
- }
- errout:
-- if (nl_lladdr)
-- nl_addr_put(nl_lladdr);
-- if (nl_ipaddr)
-- nl_addr_put(nl_ipaddr);
-- if (rn)
-- rtnl_neigh_put(rn);
-+ nlmsg_free(msg);
- return res;
--#else /* CONFIG_LIBNL3_ROUTE */
-- return -1;
--#endif /* CONFIG_LIBNL3_ROUTE */
- }
-
-
- static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
- const u8 *ipaddr)
- {
--#ifdef CONFIG_LIBNL3_ROUTE
- struct i802_bss *bss = priv;
- struct wpa_driver_nl80211_data *drv = bss->drv;
-- struct rtnl_neigh *rn;
-- struct nl_addr *nl_ipaddr;
-- int family, addrsize;
-+ struct ndmsg nhdr = {
-+ .ndm_state = NUD_PERMANENT,
-+ .ndm_ifindex = bss->br_ifindex,
-+ };
-+ struct nl_msg *msg;
-+ int addrsize;
- int res;
-
- if (!ipaddr)
- return -EINVAL;
-
- if (version == 4) {
-- family = AF_INET;
-+ nhdr.ndm_family = AF_INET;
- addrsize = 4;
- } else if (version == 6) {
-- family = AF_INET6;
-+ nhdr.ndm_family = AF_INET6;
- addrsize = 16;
- } else {
- return -EINVAL;
-@@ -12192,41 +12171,30 @@ static int wpa_driver_br_delete_ip_neigh
- return -1;
- }
-
-- rn = rtnl_neigh_alloc();
-- if (rn == NULL)
-+ msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
-+ if (!msg)
- return -ENOMEM;
-
-- /* set the destination ip address for neigh */
-- nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
-- if (nl_ipaddr == NULL) {
-- wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
-- res = -ENOMEM;
-+ res = -ENOMEM;
-+ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
- goto errout;
-- }
-- res = rtnl_neigh_set_dst(rn, nl_ipaddr);
-- if (res) {
-- wpa_printf(MSG_DEBUG,
-- "nl80211: neigh set destination addr failed");
-+
-+ if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
- goto errout;
-- }
-
-- rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
-+ res = nl_send_auto_complete(drv->rtnl_sk, msg);
-+ if (res < 0)
-+ goto errout;
-
-- res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
-+ res = nl_wait_for_ack(drv->rtnl_sk);
- if (res) {
- wpa_printf(MSG_DEBUG,
- "nl80211: Deleting bridge ip neigh failed: %s",
- nl_geterror(res));
- }
- errout:
-- if (nl_ipaddr)
-- nl_addr_put(nl_ipaddr);
-- if (rn)
-- rtnl_neigh_put(rn);
-+ nlmsg_free(msg);
- return res;
--#else /* CONFIG_LIBNL3_ROUTE */
-- return -1;
--#endif /* CONFIG_LIBNL3_ROUTE */
- }
-
-
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Mon, 18 Feb 2019 12:57:11 +0100
-Subject: [PATCH] mesh: allow processing authentication frames in blocked state
-
-If authentication fails repeatedly e.g. because of a weak signal, the link
-can end up in blocked state. If one of the nodes tries to establish a link
-again before it is unblocked on the other side, it will block the link to
-that other side. The same happens on the other side when it unblocks the
-link. In that scenario, the link never recovers on its own.
-
-To fix this, allow restarting authentication even if the link is in blocked
-state, but don't initiate the attempt until the blocked period is over.
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -3032,15 +3032,6 @@ static void handle_auth(struct hostapd_d
- seq_ctrl);
- return;
- }
--#ifdef CONFIG_MESH
-- if ((hapd->conf->mesh & MESH_ENABLED) &&
-- sta->plink_state == PLINK_BLOCKED) {
-- wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
-- " is blocked - drop Authentication frame",
-- MAC2STR(sa));
-- return;
-- }
--#endif /* CONFIG_MESH */
- #ifdef CONFIG_PASN
- if (auth_alg == WLAN_AUTH_PASN &&
- (sta->flags & WLAN_STA_ASSOC)) {
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -3646,6 +3646,8 @@ int hostapd_remove_iface(struct hapd_int
+@@ -3993,6 +3993,8 @@ int hostapd_remove_iface(struct hapd_int
void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
int reassoc)
{
if (hapd->tkip_countermeasures) {
hostapd_drv_sta_deauth(hapd, sta->addr,
WLAN_REASON_MICHAEL_MIC_FAILURE);
-@@ -3653,10 +3655,16 @@ void hostapd_new_assoc_sta(struct hostap
+@@ -4000,10 +4002,16 @@ void hostapd_new_assoc_sta(struct hostap
}
#ifdef CONFIG_IEEE80211BE
sta->post_csa_sa_query = 0;
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
-@@ -1412,9 +1412,6 @@ bool ap_sta_set_authorized_flag(struct h
+@@ -1485,9 +1485,6 @@ bool ap_sta_set_authorized_flag(struct h
mld_assoc_link_id = -2;
}
#endif /* CONFIG_IEEE80211BE */
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -2340,6 +2340,9 @@ struct wpa_driver_capa {
+@@ -2355,6 +2355,9 @@ struct wpa_driver_capa {
/** Maximum number of iterations in a single scan plan */
u32 max_sched_scan_plan_iterations;
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
-@@ -972,6 +972,10 @@ static int wiphy_info_handler(struct nl_
+@@ -976,6 +976,10 @@ static int wiphy_info_handler(struct nl_
nla_get_u32(tb[NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS]);
}
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -502,7 +502,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -485,7 +485,7 @@ void hostapd_free_hapd_data(struct hosta
struct hapd_interfaces *ifaces = hapd->iface->interfaces;
size_t i;
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -3071,7 +3071,7 @@ static int wpa_driver_nl80211_del_beacon
+@@ -3083,7 +3083,7 @@ static int wpa_driver_nl80211_del_beacon
struct wpa_driver_nl80211_data *drv = bss->drv;
struct i802_link *link = nl80211_get_link(bss, link_id);
ifdef CONFIG_RADIUS_SERVER
CFLAGS += -DRADIUS_SERVER
-@@ -1341,7 +1426,9 @@ NOBJS += ../src/utils/trace.o
+@@ -1342,7 +1427,9 @@ NOBJS += ../src/utils/trace.o
endif
HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
ifdef CONFIG_INTERNAL_AES
HOBJS += ../src/crypto/aes-internal.o
HOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1364,13 +1451,17 @@ SOBJS += ../src/common/sae.o
+@@ -1365,13 +1452,17 @@ SOBJS += ../src/common/sae.o
SOBJS += ../src/common/sae_pk.o
SOBJS += ../src/common/dragonfly.o
SOBJS += $(AESOBJS)
CONFIG_SIM_SIMULATOR=y
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1229,6 +1229,29 @@ endif
+@@ -1230,6 +1230,29 @@ endif
CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
endif
ifeq ($(CONFIG_TLS), gnutls)
ifndef CONFIG_CRYPTO
# default to libgcrypt
-@@ -1421,9 +1444,11 @@ endif
+@@ -1422,9 +1445,11 @@ endif
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
# Seems to be needed at least with BoringSSL
NEED_INTERNAL_AES_WRAP=y
-@@ -1437,9 +1462,11 @@ endif
+@@ -1438,9 +1463,11 @@ endif
ifdef NEED_INTERNAL_AES_WRAP
ifneq ($(CONFIG_TLS), linux)
ifdef NEED_AES_EAX
AESOBJS += ../src/crypto/aes-eax.o
NEED_AES_CTR=y
-@@ -1449,35 +1476,45 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -1450,35 +1477,45 @@ AESOBJS += ../src/crypto/aes-siv.o
NEED_AES_CTR=y
endif
ifdef NEED_AES_CTR
ifdef NEED_AES_ENC
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1492,12 +1529,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1493,12 +1530,16 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef CONFIG_INTERNAL_SHA1
SHA1OBJS += ../src/crypto/sha1-internal.o
ifdef NEED_FIPS186_2_PRF
-@@ -1509,29 +1550,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
+@@ -1510,29 +1551,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
else
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef NEED_MD5
ifdef CONFIG_INTERNAL_MD5
MD5OBJS += ../src/crypto/md5-internal.o
-@@ -1586,12 +1635,17 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1587,12 +1636,17 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef CONFIG_INTERNAL_SHA256
SHA256OBJS += ../src/crypto/sha256-internal.o
endif
-@@ -1604,50 +1658,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
+@@ -1605,50 +1659,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
SHA256OBJS += ../src/crypto/sha512-internal.o
endif
ifdef NEED_TLS_PRF_SHA256
ifdef NEED_ASN1
OBJS += ../src/tls/asn1.o
-@@ -1822,10 +1894,12 @@ ifdef CONFIG_FIPS
+@@ -1823,10 +1895,12 @@ ifdef CONFIG_FIPS
CFLAGS += -DCONFIG_FIPS
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1240,10 +1240,6 @@ endif
+@@ -1241,10 +1241,6 @@ endif
OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
+ if tls.startswith("mbed TLS"):
+ raise HwsimSkip("TLS v1.3 not supported")
ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.0', 'run=OpenSSL 3.1',
- 'run=OpenSSL 3.2', 'wolfSSL']
+ 'run=OpenSSL 3.2', 'run=OpenSSL 3.3', 'wolfSSL']
for s in ok:
@@ -122,11 +161,15 @@ def check_pkcs12_support(dev):
# raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
-@@ -2486,11 +2486,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
+@@ -2494,11 +2494,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
# This will fail to roam
dev[0].roam(bssid1, check_bssid=False)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
--- a/tests/hwsim/test_fils.py
+++ b/tests/hwsim/test_fils.py
-@@ -1472,6 +1472,10 @@ def check_ec_group(dev, group):
+@@ -1477,6 +1477,10 @@ def check_ec_group(dev, group):
tls = dev.request("GET tls_library")
if tls.startswith("wolfSSL"):
return
heavy_groups = [14, 15, 16]
suitable_groups = [15, 16, 17, 18, 19, 20, 21]
groups = [str(g) for g in sae_groups]
-@@ -2194,6 +2199,8 @@ def run_sae_pwe_group(dev, apdev, group)
+@@ -2232,6 +2237,8 @@ def run_sae_pwe_group(dev, apdev, group)
logger.info("Add Brainpool EC groups since OpenSSL is new enough")
elif tls.startswith("wolfSSL"):
logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL")
ca_cert="auth_serv/rsa3072-ca.pem",
--- a/tests/hwsim/test_wpas_ctrl.py
+++ b/tests/hwsim/test_wpas_ctrl.py
-@@ -1842,7 +1842,7 @@ def _test_wpas_ctrl_oom(dev):
+@@ -1856,7 +1856,7 @@ def _test_wpas_ctrl_oom(dev):
tls = dev[0].request("GET tls_library")
if not tls.startswith("internal"):
tests.append(('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', 'FAIL',
if (need_more_data) {
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1188,6 +1188,7 @@ TLS_FUNCS=y
+@@ -1189,6 +1189,7 @@ TLS_FUNCS=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
ifdef TLS_FUNCS
CFLAGS += -DWOLFSSL_DER_LOAD
OBJS += ../src/crypto/tls_wolfssl.o
-@@ -1203,6 +1204,7 @@ LIBS_p += -lwolfssl -lm
+@@ -1204,6 +1205,7 @@ LIBS_p += -lwolfssl -lm
endif
ifeq ($(CONFIG_TLS), openssl)
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
ifdef TLS_FUNCS
CFLAGS += -DEAP_TLS_OPENSSL
-@@ -1230,6 +1232,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
+@@ -1231,6 +1233,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
endif
ifeq ($(CONFIG_TLS), mbedtls)
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=mbedtls
endif
-@@ -1249,6 +1252,7 @@ endif
+@@ -1250,6 +1253,7 @@ endif
endif
ifeq ($(CONFIG_TLS), gnutls)
ifndef CONFIG_CRYPTO
# default to libgcrypt
CONFIG_CRYPTO=gnutls
-@@ -1279,6 +1283,7 @@ endif
+@@ -1280,6 +1284,7 @@ endif
endif
ifeq ($(CONFIG_TLS), internal)
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=internal
endif
-@@ -1359,6 +1364,7 @@ endif
+@@ -1360,6 +1365,7 @@ endif
endif
ifeq ($(CONFIG_TLS), linux)
#undef VHT_CAP_CHECK_MAX
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
-@@ -1397,6 +1397,8 @@ struct ieee80211_ampe_ie {
+@@ -1398,6 +1398,8 @@ struct ieee80211_ampe_ie {
#define VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB ((u32) BIT(26) | BIT(27))
#define VHT_CAP_RX_ANTENNA_PATTERN ((u32) BIT(28))
#define VHT_CAP_TX_ANTENNA_PATTERN ((u32) BIT(29))
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Thu, 14 Sep 2023 11:28:03 +0200
-Subject: [PATCH] driver_nl80211: update drv->ifindex on removing the first
- BSS
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -8985,6 +8985,7 @@ static int wpa_driver_nl80211_if_remove(
- if (drv->first_bss->next) {
- drv->first_bss = drv->first_bss->next;
- drv->ctx = drv->first_bss->ctx;
-+ drv->ifindex = drv->first_bss->ifindex;
- os_free(bss);
- } else {
- wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Mon, 18 Sep 2023 16:47:41 +0200
-Subject: [PATCH] nl80211: move nl80211_put_freq_params call outside of
- 802.11ax #ifdef
-
-The relevance of this call is not specific to 802.11ax, so it should be done
-even with CONFIG_IEEE80211AX disabled.
-
-Fixes: b3921db426ea ("nl80211: Add frequency info in start AP command")
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -5315,6 +5315,9 @@ static int wpa_driver_nl80211_set_ap(voi
- nla_nest_end(msg, ftm);
- }
-
-+ if (params->freq && nl80211_put_freq_params(msg, params->freq) < 0)
-+ goto fail;
-+
- #ifdef CONFIG_IEEE80211AX
- if (params->he_spr_ctrl) {
- struct nlattr *spr;
-@@ -5349,9 +5352,6 @@ static int wpa_driver_nl80211_set_ap(voi
- nla_nest_end(msg, spr);
- }
-
-- if (params->freq && nl80211_put_freq_params(msg, params->freq) < 0)
-- goto fail;
--
- if (params->freq && params->freq->he_enabled &&
- nl80211_attr_supported(drv, NL80211_ATTR_HE_BSS_COLOR)) {
- struct nlattr *bss_color;
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 20 Sep 2023 13:41:10 +0200
-Subject: [PATCH] hostapd: cancel channel_list_update_timeout in
- hostapd_cleanup_iface_partial
-
-Fixes a crash when disabling an interface during channel list update
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/ap/hostapd.c
-+++ b/src/ap/hostapd.c
-@@ -656,6 +656,7 @@ static void sta_track_deinit(struct host
- void hostapd_cleanup_iface_partial(struct hostapd_iface *iface)
- {
- wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
-+ eloop_cancel_timeout(channel_list_update_timeout, iface, NULL);
- #ifdef NEED_AP_MLME
- hostapd_stop_setup_timers(iface);
- #endif /* NEED_AP_MLME */
-@@ -685,7 +686,6 @@ void hostapd_cleanup_iface_partial(struc
- static void hostapd_cleanup_iface(struct hostapd_iface *iface)
- {
- wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
-- eloop_cancel_timeout(channel_list_update_timeout, iface, NULL);
- eloop_cancel_timeout(hostapd_interface_setup_failure_handler, iface,
- NULL);
-
include ../src/build.rules
ifdef LIBS
-@@ -199,7 +200,8 @@ endif
+@@ -200,7 +201,8 @@ endif
ifdef CONFIG_NO_VLAN
CFLAGS += -DCONFIG_NO_VLAN
OBJS += ../src/ap/vlan_init.o
OBJS += ../src/ap/vlan_ifconfig.o
OBJS += ../src/ap/vlan.o
-@@ -358,10 +360,14 @@ CFLAGS += -DCONFIG_MBO
+@@ -359,10 +361,14 @@ CFLAGS += -DCONFIG_MBO
OBJS += ../src/ap/mbo_ap.o
endif
LIBS += $(DRV_AP_LIBS)
ifdef CONFIG_L2_PACKET
-@@ -1392,6 +1398,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1393,6 +1399,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
_OBJS_VAR := OBJS
include ../src/objs.mk
hostapd: $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
-@@ -1472,6 +1484,12 @@ include ../src/objs.mk
+@@ -1473,6 +1485,12 @@ include ../src/objs.mk
_OBJS_VAR := SOBJS
include ../src/objs.mk
@$(E) " LD " $@
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -705,6 +705,11 @@ fail:
+@@ -692,6 +692,11 @@ fail:
return -1;
}
#ifdef CONFIG_WPS
static int gen_uuid(const char *txt_addr)
-@@ -798,6 +803,8 @@ int main(int argc, char *argv[])
+@@ -808,6 +813,8 @@ int main(int argc, char *argv[])
return -1;
#endif /* CONFIG_DPP */
if (c < 0)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
-@@ -2341,8 +2341,8 @@ err:
- #endif /* CONFIG_OWE */
+@@ -2409,8 +2409,8 @@ static void hostapd_event_color_change(s
+ #endif /* CONFIG_IEEE80211AX */
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
-@@ -2674,7 +2674,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -2769,7 +2769,7 @@ void wpa_supplicant_event(void *ctx, enu
}
struct hapd_interfaces *interfaces = ctx;
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -6763,8 +6763,8 @@ union wpa_event_data {
+@@ -6847,8 +6847,8 @@ union wpa_event_data {
* Driver wrapper code should call this function whenever an event is received
* from the driver.
*/
/**
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -6776,7 +6776,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6860,7 +6860,7 @@ void wpa_supplicant_event(void *ctx, enu
* Same as wpa_supplicant_event(), but we search for the interface in
* wpa_global.
*/
include ../src/build.rules
ifdef CONFIG_BUILD_PASN_SO
-@@ -388,7 +389,9 @@ endif
+@@ -389,7 +390,9 @@ endif
ifdef CONFIG_IBSS_RSN
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_IBSS_RSN
OBJS += ibss_rsn.o
endif
-@@ -980,6 +983,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+@@ -981,6 +984,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
LIBS += -ldl -rdynamic
endif
endif
ifdef CONFIG_AP
-@@ -987,9 +994,11 @@ NEED_EAP_COMMON=y
+@@ -988,9 +995,11 @@ NEED_EAP_COMMON=y
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_AP
OBJS += ap.o
OBJS += ../src/ap/hostapd.o
OBJS += ../src/ap/wpa_auth_glue.o
OBJS += ../src/ap/utils.o
-@@ -1080,6 +1089,12 @@ endif
+@@ -1081,6 +1090,12 @@ endif
ifdef CONFIG_HS20
OBJS += ../src/ap/hs20.o
endif
endif
ifdef CONFIG_MBO
-@@ -1089,7 +1104,9 @@ NEED_GAS=y
+@@ -1090,7 +1105,9 @@ NEED_GAS=y
endif
ifdef NEED_RSN_AUTHENTICATOR
NEED_AES_WRAP=y
OBJS += ../src/ap/wpa_auth.o
OBJS += ../src/ap/wpa_auth_ie.o
-@@ -2079,6 +2096,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -2080,6 +2097,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
_OBJS_VAR := OBJS
include ../src/objs.mk
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
-@@ -2211,6 +2234,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+@@ -2212,6 +2235,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
@$(E) " sed" $<
const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
-@@ -1325,6 +1330,10 @@ static void usage(void)
+@@ -1328,6 +1333,10 @@ static void usage(void)
"option several times.\n");
}
int main(int argc, char *argv[])
{
-@@ -1348,6 +1357,8 @@ int main(int argc, char *argv[])
+@@ -1351,6 +1360,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
os_memset(&eapol_test, 0, sizeof(eapol_test));
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
-@@ -5919,8 +5919,8 @@ static void wpas_link_reconfig(struct wp
+@@ -5979,8 +5979,8 @@ static void wpas_link_reconfig(struct wp
}
{
struct wpa_supplicant *wpa_s = ctx;
int resched;
-@@ -6872,7 +6872,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6932,7 +6932,7 @@ void wpa_supplicant_event(void *ctx, enu
}
struct wpa_supplicant *wpa_s;
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
-@@ -1039,8 +1039,8 @@ static void wpa_priv_send_ft_response(st
+@@ -1042,8 +1042,8 @@ static void wpa_priv_send_ft_response(st
}
{
struct wpa_priv_interface *iface = ctx;
-@@ -1103,7 +1103,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -1106,7 +1106,7 @@ void wpa_supplicant_event(void *ctx, enu
}
union wpa_event_data *data)
{
struct wpa_priv_global *global = ctx;
-@@ -1217,6 +1217,8 @@ int main(int argc, char *argv[])
+@@ -1220,6 +1220,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
os_memset(&global, 0, sizeof(global));
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7583,7 +7583,6 @@ struct wpa_interface * wpa_supplicant_ma
+@@ -7714,7 +7714,6 @@ struct wpa_interface * wpa_supplicant_ma
return NULL;
}
/**
* wpa_supplicant_match_existing - Match existing interfaces
* @global: Pointer to global data from wpa_supplicant_init()
-@@ -7618,6 +7617,11 @@ static int wpa_supplicant_match_existing
+@@ -7749,6 +7748,11 @@ static int wpa_supplicant_match_existing
#endif /* CONFIG_MATCH_IFACE */
/**
* wpa_supplicant_add_iface - Add a new network interface
-@@ -7874,6 +7878,8 @@ struct wpa_global * wpa_supplicant_init(
+@@ -8005,6 +8009,8 @@ struct wpa_global * wpa_supplicant_init(
#ifndef CONFIG_NO_WPA_MSG
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
#endif /* CONFIG_NO_WPA_MSG */
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -1405,7 +1405,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
+@@ -1406,7 +1406,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
@$(AR) cr $@ hostapd_multi.o $(OBJS)
hostapd: $(OBJS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
-@@ -1416,7 +1416,7 @@ _OBJS_VAR := OBJS_c
+@@ -1417,7 +1417,7 @@ _OBJS_VAR := OBJS_c
include ../src/objs.mk
hostapd_cli: $(OBJS_c)
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -2103,31 +2103,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
+@@ -2104,31 +2104,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Thu, 4 Apr 2024 12:59:41 +0200
-Subject: [PATCH] build: de-duplicate _DIRS before calling mkdir
-
-If the build path is long, the contents of the _DIRS variable can be very long,
-since it repeats the same directories very often.
-In some cases, this has triggered an "Argument list too long" build error.
-
-Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/src/build.rules
-+++ b/src/build.rules
-@@ -80,7 +80,7 @@ endif
- _DIRS := $(BUILDDIR)/$(PROJ)
- .PHONY: _make_dirs
- _make_dirs:
-- @mkdir -p $(_DIRS)
-+ @mkdir -p $(sort $(_DIRS))
-
- $(BUILDDIR)/$(PROJ)/src/%.o: $(ROOTDIR)src/%.c $(CONFIG_FILE) | _make_dirs
- $(Q)$(CC) -c -o $@ $(CFLAGS) $<
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
-@@ -13214,7 +13214,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13233,7 +13233,7 @@ char * wpa_supplicant_ctrl_iface_process
if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18))
reply_len = -1;
#endif /* CONFIG_WNM */
} else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) {
if (ap_ctrl_iface_disassoc_imminent(wpa_s, buf + 18))
reply_len = -1;
-@@ -13224,7 +13224,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13243,7 +13243,7 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) {
if (ap_ctrl_iface_bss_tm_req(wpa_s, buf + 11))
reply_len = -1;
struct hapd_global {
void **drv_priv;
-@@ -806,7 +806,7 @@ int main(int argc, char *argv[])
+@@ -816,7 +816,7 @@ int main(int argc, char *argv[])
wpa_supplicant_event = hostapd_wpa_event;
wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
if (c < 0)
break;
switch (c) {
-@@ -843,6 +843,8 @@ int main(int argc, char *argv[])
+@@ -853,6 +853,8 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_DEBUG_LINUX_TRACING */
case 'v':
static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1670,13 +1666,10 @@ static const struct hostapd_cli_cmd host
+@@ -1686,13 +1682,10 @@ static const struct hostapd_cli_cmd host
{ "disassociate", hostapd_cli_cmd_disassociate,
hostapd_complete_stations,
"<addr> = disassociate a station" },
{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
"<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
-@@ -1701,7 +1694,6 @@ static const struct hostapd_cli_cmd host
+@@ -1717,7 +1710,6 @@ static const struct hostapd_cli_cmd host
"<SSID> <auth> <encr> <key> = configure AP" },
{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
"= show current WPS status" },
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -221,6 +221,9 @@ endif
+@@ -222,6 +222,9 @@ endif
ifdef CONFIG_NO_CTRL_IFACE
CFLAGS += -DCONFIG_NO_CTRL_IFACE
else
else
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -3897,6 +3897,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -4005,6 +4005,7 @@ static int hostapd_ctrl_iface_receive_pr
reply_size);
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
reply_len = hostapd_drv_status(hapd, reply, reply_size);
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
-@@ -3938,6 +3939,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -4046,6 +4047,7 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
reply_size);
static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
struct sta_info *sta,
char *buf, size_t buflen)
-@@ -539,6 +539,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+@@ -562,6 +562,7 @@ int hostapd_ctrl_iface_sta_next(struct h
return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
}
#ifdef CONFIG_P2P_MANAGER
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
-@@ -951,12 +952,12 @@ int hostapd_ctrl_iface_status(struct hos
+@@ -1010,12 +1011,12 @@ int hostapd_ctrl_iface_status(struct hos
return len;
len += ret;
}
if (os_snprintf_error(buflen - len, ret))
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
-@@ -2837,6 +2837,7 @@ static const char * bool_txt(bool val)
+@@ -2848,6 +2848,7 @@ static const char * bool_txt(bool val)
return val ? "TRUE" : "FALSE";
}
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
{
-@@ -3023,6 +3024,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -3034,6 +3035,7 @@ int ieee802_1x_get_mib_sta(struct hostap
return len;
}
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
-@@ -5583,6 +5583,7 @@ static const char * wpa_bool_txt(int val
+@@ -5956,6 +5956,7 @@ static const char * wpa_bool_txt(int val
return val ? "TRUE" : "FALSE";
}
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
-@@ -5735,7 +5736,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -6108,7 +6109,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
return len;
}
{
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
-@@ -3943,6 +3943,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -3974,6 +3974,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
}
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -4024,6 +4026,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -4055,6 +4057,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
return (int) len;
}
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1038,6 +1038,9 @@ ifdef CONFIG_FILS
+@@ -1039,6 +1039,9 @@ ifdef CONFIG_FILS
OBJS += ../src/ap/fils_hlp.o
endif
ifdef CONFIG_CTRL_IFACE
if (wpa_s->ap_iface) {
pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
end - pos,
-@@ -12542,6 +12542,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12561,6 +12561,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = -1;
} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
if (reply_len >= 0) {
-@@ -12554,6 +12555,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12573,6 +12574,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_size - reply_len);
#endif /* CONFIG_MACSEC */
}
} else if (os_strncmp(buf, "STATUS", 6) == 0) {
reply_len = wpa_supplicant_ctrl_iface_status(
wpa_s, buf + 6, reply, reply_size);
-@@ -13042,6 +13044,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13061,6 +13063,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = wpa_supplicant_ctrl_iface_bss(
wpa_s, buf + 4, reply, reply_size);
#ifdef CONFIG_AP
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -13050,12 +13053,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13069,12 +13072,15 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
reply_size);
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Thu, 4 Nov 2021 11:45:18 +0100
-Subject: [PATCH] hostapd: support qos_map_set without CONFIG_INTERWORKING
-
-This feature is useful on its own even without full interworking support
-
---- a/hostapd/config_file.c
-+++ b/hostapd/config_file.c
-@@ -1680,6 +1680,8 @@ static int parse_anqp_elem(struct hostap
- return 0;
- }
-
-+#endif /* CONFIG_INTERWORKING */
-+
-
- static int parse_qos_map_set(struct hostapd_bss_config *bss,
- char *buf, int line)
-@@ -1721,8 +1723,6 @@ static int parse_qos_map_set(struct host
- return 0;
- }
-
--#endif /* CONFIG_INTERWORKING */
--
-
- #ifdef CONFIG_HS20
- static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
-@@ -4260,10 +4260,10 @@ static int hostapd_config_fill(struct ho
- bss->gas_frag_limit = val;
- } else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
- bss->gas_comeback_delay = atoi(pos);
-+#endif /* CONFIG_INTERWORKING */
- } else if (os_strcmp(buf, "qos_map_set") == 0) {
- if (parse_qos_map_set(bss, pos, line) < 0)
- return 1;
--#endif /* CONFIG_INTERWORKING */
- #ifdef CONFIG_RADIUS_TEST
- } else if (os_strcmp(buf, "dump_msk_file") == 0) {
- os_free(bss->dump_msk_file);
---- a/src/ap/hostapd.c
-+++ b/src/ap/hostapd.c
-@@ -1548,6 +1548,7 @@ static int hostapd_setup_bss(struct host
- wpa_printf(MSG_ERROR, "GAS server initialization failed");
- return -1;
- }
-+#endif /* CONFIG_INTERWORKING */
-
- if (conf->qos_map_set_len &&
- hostapd_drv_set_qos_map(hapd, conf->qos_map_set,
-@@ -1555,7 +1556,6 @@ static int hostapd_setup_bss(struct host
- wpa_printf(MSG_ERROR, "Failed to initialize QoS Map");
- return -1;
- }
--#endif /* CONFIG_INTERWORKING */
-
- if (conf->bss_load_update_period && bss_load_update_init(hapd)) {
- wpa_printf(MSG_ERROR, "BSS Load initialization failed");
---- a/src/ap/ieee802_11_shared.c
-+++ b/src/ap/ieee802_11_shared.c
-@@ -1138,13 +1138,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
- u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
- const u8 *ext_capab_ie, size_t ext_capab_ie_len)
- {
--#ifdef CONFIG_INTERWORKING
- /* check for QoS Map support */
- if (ext_capab_ie_len >= 5) {
- if (ext_capab_ie[4] & 0x01)
- sta->qos_map_enabled = 1;
- }
--#endif /* CONFIG_INTERWORKING */
-
- if (ext_capab_ie_len > 0) {
- sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
---- a/wpa_supplicant/events.c
-+++ b/wpa_supplicant/events.c
-@@ -2935,8 +2935,6 @@ void wnm_bss_keep_alive_deinit(struct wp
- }
-
-
--#ifdef CONFIG_INTERWORKING
--
- static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
- size_t len)
- {
-@@ -2969,8 +2967,6 @@ static void interworking_process_assoc_r
- }
- }
-
--#endif /* CONFIG_INTERWORKING */
--
-
- static void wpa_supplicant_set_4addr_mode(struct wpa_supplicant *wpa_s)
- {
-@@ -3350,10 +3346,8 @@ static int wpa_supplicant_event_associnf
- wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
- data->assoc_info.resp_ies_len);
- #endif /* CONFIG_WNM */
--#ifdef CONFIG_INTERWORKING
- interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
- data->assoc_info.resp_ies_len);
--#endif /* CONFIG_INTERWORKING */
- if (wpa_s->hw_capab == CAPAB_VHT &&
- get_ie(data->assoc_info.resp_ies,
- data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3656,6 +3656,10 @@ static int hostapd_config_fill(struct ho
+@@ -3680,6 +3680,10 @@ static int hostapd_config_fill(struct ho
if (bss->ocv && !bss->ieee80211w)
bss->ieee80211w = 1;
#endif /* CONFIG_OCV */
} else if (os_strcmp(buf, "ht_capab") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -1093,6 +1093,8 @@ struct hostapd_config {
+@@ -1108,6 +1108,8 @@ struct hostapd_config {
int ht_op_mode_fixed;
u16 ht_capab;
int no_pri_sec_switch;
--- a/src/ap/hw_features.c
+++ b/src/ap/hw_features.c
-@@ -544,7 +544,8 @@ static int ieee80211n_check_40mhz(struct
+@@ -551,7 +551,8 @@ static int ieee80211n_check_40mhz(struct
int ret;
/* Check that HT40 is used and PRI / SEC switch is allowed */
/*
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2770,7 +2770,7 @@ static bool ibss_mesh_can_use_vht(struct
+@@ -2881,7 +2881,7 @@ static bool ibss_mesh_can_use_vht(struct
const struct wpa_ssid *ssid,
struct hostapd_hw_modes *mode)
{
return false;
if (!drv_supports_vht(wpa_s, ssid))
-@@ -2843,7 +2843,7 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2954,7 +2954,7 @@ static void ibss_mesh_select_40mhz(struc
int i, res;
unsigned int j;
static const int ht40plus[] = {
149, 157, 165, 173, 184, 192
};
int ht40 = -1;
-@@ -3093,7 +3093,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3205,7 +3205,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
enum hostapd_hw_mode hw_mode;
struct hostapd_hw_modes *mode = NULL;
-- int i, obss_scan = 1;
-+ int i, obss_scan = !(ssid->noscan);
+- int obss_scan = 1;
++ int obss_scan = !(ssid->noscan);
u8 channel;
bool is_6ghz, is_24ghz;
bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
-@@ -3143,6 +3143,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3249,6 +3249,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
freq->he_enabled = ibss_mesh_can_use_he(wpa_s, ssid, mode,
ieee80211_mode);
freq->channel = channel;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -5870,7 +5870,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -6001,7 +6001,7 @@ wpa_supplicant_alloc(struct wpa_supplica
if (wpa_s == NULL)
return NULL;
wpa_s->scan_req = INITIAL_SCAN_REQ;
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -5483,7 +5483,7 @@ static int nl80211_set_channel(struct i8
+@@ -5494,7 +5494,7 @@ static int nl80211_set_channel(struct i8
freq->he_enabled, freq->eht_enabled, freq->bandwidth,
freq->center_freq1, freq->center_freq2);
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -3075,12 +3075,12 @@ static int wpa_driver_nl80211_del_beacon
- return 0;
-
- wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
-- drv->ifindex);
-+ bss->ifindex);
- link->beacon_set = 0;
- link->freq = 0;
-
- nl80211_put_wiphy_data_ap(bss);
-- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
-+ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
- if (!msg)
- return -ENOBUFS;
-
-@@ -6176,8 +6176,7 @@ static void nl80211_teardown_ap(struct i
+@@ -6183,8 +6183,7 @@ static void nl80211_teardown_ap(struct i
nl80211_mgmt_unsubscribe(bss, "AP teardown");
nl80211_put_wiphy_data_ap(bss);
}
-@@ -8977,8 +8976,6 @@ static int wpa_driver_nl80211_if_remove(
- } else {
- wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
- nl80211_teardown_ap(bss);
-- if (!bss->added_if && !drv->first_bss->next)
-- wpa_driver_nl80211_del_beacon_all(bss);
- nl80211_destroy_bss(bss);
- if (!bss->added_if)
- i802_set_iface_flags(bss, 0);
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -971,6 +971,9 @@ struct wpa_driver_associate_params {
+@@ -979,6 +979,9 @@ struct wpa_driver_associate_params {
* responsible for selecting with which BSS to associate. */
const u8 *bssid;
* macsec_policy - Determines the policy for MACsec secure session
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -4249,6 +4249,12 @@ static void wpas_start_assoc_cb(struct w
+@@ -4370,6 +4370,12 @@ static void wpas_start_assoc_cb(struct w
params.beacon_int = ssid->beacon_int;
else
params.beacon_int = wpa_s->conf->beacon_int;
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -1876,6 +1876,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1889,6 +1889,7 @@ struct wpa_driver_mesh_join_params {
#define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
unsigned int flags;
bool handle_dfs;
struct wpa_driver_set_key_params {
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -11850,6 +11850,18 @@ static int nl80211_put_mesh_id(struct nl
+@@ -11983,6 +11983,18 @@ static int nl80211_put_mesh_id(struct nl
}
static int nl80211_put_mesh_config(struct nl_msg *msg,
struct wpa_driver_mesh_bss_params *params)
{
-@@ -11911,6 +11923,7 @@ static int nl80211_join_mesh(struct i802
+@@ -12044,6 +12056,7 @@ static int nl80211_join_mesh(struct i802
nl80211_put_basic_rates(msg, params->basic_rates) ||
nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
nl80211_put_beacon_int(msg, params->beacon_int) ||
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3100,6 +3100,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3212,6 +3212,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
freq->freq = ssid->frequency;
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3708,6 +3708,8 @@ static int hostapd_config_fill(struct ho
+@@ -3734,6 +3734,8 @@ static int hostapd_config_fill(struct ho
} else if (os_strcmp(buf, "he_bss_color") == 0) {
conf->he_op.he_bss_color = atoi(pos) & 0x3f;
conf->he_op.he_bss_color_disabled = 0;
--- a/src/ap/acs.c
+++ b/src/ap/acs.c
-@@ -467,17 +467,17 @@ static int acs_get_bw_center_chan(int fr
+@@ -471,17 +471,17 @@ static int acs_get_bw_center_chan(int fr
static int acs_survey_is_sufficient(struct freq_survey *survey)
{
if (!(survey->filled & SURVEY_HAS_NF)) {
}
if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
-@@ -485,7 +485,6 @@ static int acs_survey_is_sufficient(stru
+@@ -489,7 +489,6 @@ static int acs_survey_is_sufficient(stru
wpa_printf(MSG_INFO,
"ACS: Survey for freq %d is missing RX and busy time (at least one is required)",
survey->freq);
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
-@@ -163,6 +163,21 @@ struct hostapd_sae_commit_queue {
+@@ -168,6 +168,21 @@ struct hostapd_sae_commit_queue {
};
/**
* struct hostapd_data - hostapd per-BSS data structure
*/
struct hostapd_data {
-@@ -182,6 +197,9 @@ struct hostapd_data {
+@@ -181,6 +196,9 @@ struct hostapd_data {
- struct hostapd_data *mld_first_bss;
+ u8 own_addr[ETH_ALEN];
+ /* OpenWrt specific statistics */
+ struct hostapd_openwrt_stats openwrt_stats;
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -166,6 +166,12 @@ OBJS += ../src/common/hw_features_common
+@@ -167,6 +167,12 @@ OBJS += ../src/common/hw_features_common
OBJS += ../src/eapol_auth/eapol_auth_sm.o
}
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -1351,6 +1351,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1357,6 +1357,12 @@ void handle_probe_req(struct hostapd_dat
int mld_id;
u16 links;
#endif /* CONFIG_IEEE80211BE */
if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
ssi_signal < hapd->iconf->rssi_ignore_probe_request)
-@@ -1537,6 +1543,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1543,6 +1549,12 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
-@@ -1225,6 +1225,8 @@ int hostapd_dfs_pre_cac_expired(struct h
+@@ -1236,6 +1236,8 @@ int hostapd_dfs_pre_cac_expired(struct h
"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
wpabuf_free(sta->p2p_ie);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -493,6 +493,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -475,6 +475,7 @@ void hostapd_free_hapd_data(struct hosta
hapd->beacon_set_done = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
accounting_deinit(hapd);
hostapd_deinit_wpa(hapd);
vlan_deinit(hapd);
-@@ -1274,6 +1275,8 @@ static int hostapd_start_beacon(struct h
+@@ -1303,6 +1304,8 @@ static int hostapd_start_beacon(struct h
if (hapd->driver && hapd->driver->set_operstate)
hapd->driver->set_operstate(hapd->drv_priv, 1);
return 0;
}
-@@ -2367,6 +2370,7 @@ static int hostapd_setup_interface_compl
+@@ -2481,6 +2484,7 @@ static int hostapd_setup_interface_compl
if (err)
goto fail;
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->freq) {
#ifdef NEED_AP_MLME
-@@ -2586,6 +2590,7 @@ dfs_offload:
+@@ -2700,6 +2704,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
if (iface->is_no_ir) {
hostapd_set_state(iface, HAPD_IFACE_NO_IR);
-@@ -3076,6 +3081,7 @@ void hostapd_interface_deinit_free(struc
+@@ -3416,6 +3421,7 @@ void hostapd_interface_deinit_free(struc
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
#define OCE_STA_CFON_ENABLED(hapd) \
((hapd->conf->oce & OCE_STA_CFON) && \
-@@ -184,6 +185,7 @@ struct hostapd_data {
+@@ -189,6 +190,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -707,6 +709,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -743,6 +745,7 @@ hostapd_alloc_bss_data(struct hostapd_if
struct hostapd_bss_config *bss);
int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
struct hostapd_iface * hostapd_alloc_iface(void);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -2798,7 +2798,7 @@ static void handle_auth(struct hostapd_d
+@@ -2874,7 +2874,7 @@ static void handle_auth(struct hostapd_d
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
u16 fc;
const u8 *challenge = NULL;
u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
-@@ -2807,6 +2807,11 @@ static void handle_auth(struct hostapd_d
- struct radius_sta rad_info;
- const u8 *dst, *sa, *bssid;
+@@ -2885,6 +2885,11 @@ static void handle_auth(struct hostapd_d
+ #ifdef CONFIG_IEEE80211BE
bool mld_sta = false;
+ #endif /* CONFIG_IEEE80211BE */
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_AUTH_REQ,
+ .mgmt_frame = mgmt,
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -2998,6 +3003,13 @@ static void handle_auth(struct hostapd_d
+@@ -3078,6 +3083,13 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
if (res == HOSTAPD_ACL_PENDING)
return;
-@@ -5242,7 +5254,7 @@ static void handle_assoc(struct hostapd_
+@@ -5338,7 +5350,7 @@ static void handle_assoc(struct hostapd_
int resp = WLAN_STATUS_SUCCESS;
u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
const u8 *pos;
struct sta_info *sta;
u8 *tmp = NULL;
#ifdef CONFIG_FILS
-@@ -5484,6 +5496,11 @@ static void handle_assoc(struct hostapd_
+@@ -5580,6 +5592,11 @@ static void handle_assoc(struct hostapd_
left = res;
}
#endif /* CONFIG_FILS */
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
* is used */
-@@ -5586,6 +5603,13 @@ static void handle_assoc(struct hostapd_
+@@ -5682,6 +5699,13 @@ static void handle_assoc(struct hostapd_
if (set_beacon)
- ieee802_11_set_beacons(hapd->iface);
+ ieee802_11_update_beacons(hapd->iface);
+ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+ if (ubus_resp) {
fail:
/*
-@@ -5836,6 +5860,7 @@ static void handle_disassoc(struct hosta
+@@ -5911,6 +5935,7 @@ static void handle_disassoc(struct hosta
(unsigned long) len);
return;
}
sta = ap_get_sta(hapd, mgmt->sa);
if (!sta) {
-@@ -5867,6 +5892,8 @@ static void handle_deauth(struct hostapd
+@@ -5942,6 +5967,8 @@ static void handle_deauth(struct hostapd
/* Clear the PTKSA cache entries for PASN */
ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
}
-@@ -352,6 +355,9 @@ void hostapd_handle_radio_measurement(st
- mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
-
- switch (mgmt->u.action.u.rrm.action) {
-+ case WLAN_RRM_LINK_MEASUREMENT_REPORT:
+@@ -406,7 +409,7 @@ void hostapd_handle_radio_measurement(st
+ hostapd_handle_nei_report_req(hapd, buf, len);
+ break;
+ case WLAN_RRM_LINK_MEASUREMENT_REPORT:
+- hostapd_handle_link_mesr_report(hapd, buf, len);
+ hostapd_ubus_handle_link_measurement(hapd, buf, len);
-+ break;
- case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
- hostapd_handle_radio_msmt_report(hapd, buf, len);
break;
+ default:
+ wpa_printf(MSG_DEBUG, "RRM action %u is not supported",
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
-@@ -476,6 +476,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -542,6 +542,7 @@ void ap_handle_timer(void *eloop_ctx, vo
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
ap_free_sta(hapd, sta);
return;
}
-@@ -631,6 +632,7 @@ skip_poll:
+@@ -699,6 +700,7 @@ skip_poll:
mlme_deauthenticate_indication(
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
ap_free_sta(hapd, sta);
break;
}
-@@ -1448,15 +1450,28 @@ void ap_sta_set_authorized_event(struct
+@@ -1521,15 +1523,28 @@ void ap_sta_set_authorized_event(struct
os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
if (authorized) {
#ifdef CONFIG_P2P
if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
os_snprintf(ip_addr, sizeof(ip_addr),
-@@ -1467,6 +1482,13 @@ void ap_sta_set_authorized_event(struct
+@@ -1540,6 +1555,13 @@ void ap_sta_set_authorized_event(struct
}
#endif /* CONFIG_P2P */
keyid = ap_sta_wpa_get_keyid(hapd, sta);
if (keyid) {
os_snprintf(keyid_buf, sizeof(keyid_buf),
-@@ -1485,17 +1507,19 @@ void ap_sta_set_authorized_event(struct
+@@ -1558,17 +1580,19 @@ void ap_sta_set_authorized_event(struct
dpp_pkhash, SHA256_MAC_LEN);
}
hapd->msg_ctx_parent != hapd->msg_ctx)
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
-@@ -319,6 +319,7 @@ struct sta_info {
+@@ -317,6 +317,7 @@ struct sta_info {
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_AIRTIME_POLICY
unsigned int airtime_weight;
}
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
-@@ -275,6 +275,7 @@ static void hostapd_wpa_auth_psk_failure
+@@ -279,6 +279,7 @@ static void hostapd_wpa_auth_psk_failure
struct hostapd_data *hapd = ctx;
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
MAC2STR(addr));
+}
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -189,6 +189,13 @@ ifdef CONFIG_EAPOL_TEST
+@@ -191,6 +191,13 @@ ifdef CONFIG_EAPOL_TEST
CFLAGS += -Werror -DEAPOL_TEST
endif
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage -U_FORTIFY_SOURCE
LIBS += -lgcov
-@@ -1042,6 +1049,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
+@@ -1043,6 +1050,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
CFLAGS += -DCONFIG_CTRL_IFACE_MIB
endif
OBJS += ../src/ap/ctrl_iface_ap.o
break;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7716,6 +7716,8 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -7847,6 +7847,8 @@ struct wpa_supplicant * wpa_supplicant_a
}
#endif /* CONFIG_P2P */
return wpa_s;
}
-@@ -7742,6 +7744,8 @@ int wpa_supplicant_remove_iface(struct w
+@@ -7873,6 +7875,8 @@ int wpa_supplicant_remove_iface(struct w
struct wpa_supplicant *parent = wpa_s->parent;
#endif /* CONFIG_MESH */
/* Remove interface from the global list of interfaces */
prev = global->ifaces;
if (prev == wpa_s) {
-@@ -8088,8 +8092,12 @@ int wpa_supplicant_run(struct wpa_global
+@@ -8219,8 +8223,12 @@ int wpa_supplicant_run(struct wpa_global
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -168,9 +168,21 @@ OBJS += ../src/eapol_auth/eapol_auth_sm.
+@@ -169,9 +169,21 @@ OBJS += ../src/eapol_auth/eapol_auth_sm.
ifdef CONFIG_UBUS
CFLAGS += -DUBUS_SUPPORT
ifdef CONFIG_CODE_COVERAGE
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -5487,6 +5487,7 @@ try_again:
+@@ -5603,6 +5603,7 @@ try_again:
return -1;
}
wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);
return 0;
-@@ -5588,6 +5589,7 @@ fail:
+@@ -5704,6 +5705,7 @@ fail:
os_free(fname);
interface->global_ctrl_sock = s;
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -1014,6 +1014,7 @@ int main(int argc, char *argv[])
+@@ -1024,6 +1024,7 @@ int main(int argc, char *argv[])
}
hostapd_global_ctrl_iface_init(&interfaces);
if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
wpa_printf(MSG_ERROR, "Failed to start eloop");
-@@ -1023,6 +1024,7 @@ int main(int argc, char *argv[])
+@@ -1033,6 +1034,7 @@ int main(int argc, char *argv[])
ret = 0;
out:
for (i = 0; i < interfaces.count; i++) {
--- a/src/ap/ap_drv_ops.h
+++ b/src/ap/ap_drv_ops.h
-@@ -399,6 +399,23 @@ static inline int hostapd_drv_stop_ap(st
+@@ -404,6 +404,23 @@ static inline int hostapd_drv_stop_ap(st
return hapd->driver->stop_ap(hapd->drv_priv, link_id);
}
if (iface->config_fname == NULL) {
/* Only in-memory config in use - assume it has been updated */
hostapd_clear_old(iface);
-@@ -493,6 +495,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -475,6 +477,7 @@ void hostapd_free_hapd_data(struct hosta
hapd->beacon_set_done = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
hostapd_ubus_free_bss(hapd);
accounting_deinit(hapd);
hostapd_deinit_wpa(hapd);
-@@ -687,6 +690,7 @@ void hostapd_cleanup_iface_partial(struc
+@@ -716,6 +719,7 @@ void hostapd_cleanup_iface_partial(struc
static void hostapd_cleanup_iface(struct hostapd_iface *iface)
{
wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
eloop_cancel_timeout(hostapd_interface_setup_failure_handler, iface,
NULL);
-@@ -1276,6 +1280,7 @@ static int hostapd_start_beacon(struct h
+@@ -1305,6 +1309,7 @@ static int hostapd_start_beacon(struct h
hapd->driver->set_operstate(hapd->drv_priv, 1);
hostapd_ubus_add_bss(hapd);
return 0;
}
-@@ -1298,8 +1303,7 @@ static int hostapd_start_beacon(struct h
+@@ -1380,8 +1385,7 @@ static int hostapd_bss_radius_init(struc
* initialized. Most of the modules that are initialized here will be
* deinitialized in hostapd_cleanup().
*/
{
struct hostapd_bss_config *conf = hapd->conf;
u8 ssid[SSID_MAX_LEN + 1];
-@@ -2790,7 +2794,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -2904,7 +2908,7 @@ hostapd_alloc_bss_data(struct hostapd_if
}
{
if (!hapd)
return;
-@@ -3608,7 +3612,8 @@ int hostapd_remove_iface(struct hapd_int
+@@ -3953,7 +3957,8 @@ int hostapd_remove_iface(struct hapd_int
hapd_iface = interfaces->iface[i];
if (hapd_iface == NULL)
return -1;
#define OCE_STA_CFON_ENABLED(hapd) \
((hapd->conf->oce & OCE_STA_CFON) && \
-@@ -51,6 +52,10 @@ struct hapd_interfaces {
+@@ -52,6 +53,10 @@ struct hapd_interfaces {
struct hostapd_config * (*config_read_cb)(const char *config_fname);
int (*ctrl_iface_init)(struct hostapd_data *hapd);
void (*ctrl_iface_deinit)(struct hostapd_data *hapd);
int (*for_each_interface)(struct hapd_interfaces *interfaces,
int (*cb)(struct hostapd_iface *iface,
void *ctx), void *ctx);
-@@ -186,6 +191,7 @@ struct hostapd_data {
+@@ -191,6 +196,7 @@ struct hostapd_data {
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
struct hostapd_ubus_bss ubus;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -518,6 +524,7 @@ struct hostapd_sta_info {
+@@ -548,6 +554,7 @@ struct hostapd_mld {
*/
struct hostapd_iface {
struct hapd_interfaces *interfaces;
void *owner;
char *config_fname;
struct hostapd_config *conf;
-@@ -718,6 +725,8 @@ struct hostapd_iface * hostapd_init(stru
+@@ -754,6 +761,8 @@ struct hostapd_iface * hostapd_init(stru
struct hostapd_iface *
hostapd_interface_init_bss(struct hapd_interfaces *interfaces, const char *phy,
const char *config_fname, int debug);
void hostapd_interface_deinit_free(struct hostapd_iface *iface);
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -3856,6 +3856,25 @@ struct wpa_driver_ops {
+@@ -3893,6 +3893,25 @@ struct wpa_driver_ops {
const char *ifname);
/**
* set_sta_vlan - Bind a station into a specific interface (AP only)
* @priv: Private driver interface data
* @ifname: Interface (main or virtual BSS or VLAN)
-@@ -6510,6 +6529,7 @@ union wpa_event_data {
+@@ -6593,6 +6612,7 @@ union wpa_event_data {
/**
* struct ch_switch
* @freq: Frequency of new channel in MHz
* @ht_enabled: Whether this is an HT channel
* @ch_offset: Secondary channel offset
-@@ -6520,6 +6540,7 @@ union wpa_event_data {
+@@ -6603,6 +6623,7 @@ union wpa_event_data {
* @punct_bitmap: Puncturing bitmap
*/
struct ch_switch {
nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
no_seq_check, NULL);
nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
-@@ -8554,6 +8575,7 @@ static void *i802_init(struct hostapd_da
+@@ -8573,6 +8594,7 @@ static void *i802_init(struct hostapd_da
char master_ifname[IFNAMSIZ];
int ifindex, br_ifindex = 0;
int br_added = 0;
bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
params->global_priv, 1,
-@@ -8613,21 +8635,17 @@ static void *i802_init(struct hostapd_da
+@@ -8632,21 +8654,17 @@ static void *i802_init(struct hostapd_da
(params->num_bridge == 0 || !params->bridge[0]))
add_ifidx(drv, br_ifindex, drv->ifindex);
}
if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
-@@ -8992,6 +9010,50 @@ static int wpa_driver_nl80211_if_remove(
+@@ -9015,6 +9033,50 @@ static int wpa_driver_nl80211_if_remove(
return 0;
}
static int cookie_handler(struct nl_msg *msg, void *arg)
{
-@@ -10688,6 +10750,37 @@ static int driver_nl80211_if_remove(void
- }
+@@ -10803,6 +10865,37 @@ static bool nl80211_is_drv_shared(void *
+ #endif /* CONFIG_IEEE80211BE */
+static int driver_nl80211_if_rename(void *priv, enum wpa_driver_if_type type,
static int driver_nl80211_send_mlme(void *priv, const u8 *data,
size_t data_len, int noack,
unsigned int freq,
-@@ -13881,6 +13974,8 @@ const struct wpa_driver_ops wpa_driver_n
+@@ -14040,6 +14133,8 @@ const struct wpa_driver_ops wpa_driver_n
.set_acl = wpa_driver_nl80211_set_acl,
.if_add = wpa_driver_nl80211_if_add,
.if_remove = driver_nl80211_if_remove,
+ if (count)
+ data.ch_switch.count = nla_get_u32(count);
- if (finished)
- bss->flink->freq = data.ch_switch.freq;
-@@ -3961,6 +3964,7 @@ static void do_process_drv_event(struct
+ if (link)
+ data.ch_switch.link_id = nla_get_u8(link);
+@@ -3999,6 +4002,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
tb[NL80211_ATTR_PUNCT_BITMAP],
0);
break;
case NL80211_CMD_CH_SWITCH_NOTIFY:
-@@ -3973,6 +3977,7 @@ static void do_process_drv_event(struct
+@@ -4011,6 +4015,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
tb[NL80211_ATTR_PUNCT_BITMAP],
extern int wpa_debug_timestamp;
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -192,8 +192,20 @@ endif
+@@ -194,8 +194,20 @@ endif
ifdef CONFIG_UBUS
CFLAGS += -DUBUS_SUPPORT
OBJS += ubus.o
endif
ifdef CONFIG_CODE_COVERAGE
-@@ -1052,6 +1064,9 @@ OBJS += ../src/ap/ctrl_iface_ap.o
+@@ -1053,6 +1065,9 @@ OBJS += ../src/ap/ctrl_iface_ap.o
ifdef CONFIG_UBUS
OBJS += ../src/ap/ubus.o
endif
CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
-@@ -5949,6 +5949,7 @@ void supplicant_event(void *ctx, enum wp
+@@ -6015,6 +6015,7 @@ void supplicant_event(void *ctx, enum wp
event_to_string(event), event);
#endif /* CONFIG_NO_STDOUT_DEBUG */
#ifdef CONFIG_FST
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1060,6 +1060,7 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1148,6 +1148,7 @@ void wpa_supplicant_set_state(struct wpa
sme_sched_obss_scan(wpa_s, 0);
}
wpa_s->wpa_state = state;
#ifdef CONFIG_BGSCAN
if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
-@@ -7717,6 +7718,7 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -7848,6 +7849,7 @@ struct wpa_supplicant * wpa_supplicant_a
#endif /* CONFIG_P2P */
wpas_ubus_add_bss(wpa_s);
return wpa_s;
}
-@@ -7744,6 +7746,7 @@ int wpa_supplicant_remove_iface(struct w
+@@ -7875,6 +7877,7 @@ int wpa_supplicant_remove_iface(struct w
struct wpa_supplicant *parent = wpa_s->parent;
#endif /* CONFIG_MESH */
wpas_ubus_free_bss(wpa_s);
/* Remove interface from the global list of interfaces */
-@@ -8054,6 +8057,7 @@ struct wpa_global * wpa_supplicant_init(
+@@ -8185,6 +8188,7 @@ struct wpa_global * wpa_supplicant_init(
eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
wpas_periodic, global, NULL);
return global;
}
-@@ -8092,12 +8096,8 @@ int wpa_supplicant_run(struct wpa_global
+@@ -8223,12 +8227,8 @@ int wpa_supplicant_run(struct wpa_global
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
return 0;
}
-@@ -8130,6 +8130,8 @@ void wpa_supplicant_deinit(struct wpa_gl
+@@ -8261,6 +8261,8 @@ void wpa_supplicant_deinit(struct wpa_gl
wpas_notify_supplicant_deinitialized(global);
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -5065,7 +5065,12 @@ struct hostapd_config * hostapd_config_r
+@@ -5132,7 +5132,12 @@ struct hostapd_config * hostapd_config_r
int errors = 0;
size_t i;
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3559,6 +3559,8 @@ static int hostapd_config_fill(struct ho
+@@ -3583,6 +3583,8 @@ static int hostapd_config_fill(struct ho
#ifndef CONFIG_NO_VLAN
} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
bss->ssid.dynamic_vlan = atoi(pos);
} else if (os_strcmp(buf, "vlan_bridge") == 0) {
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
-@@ -387,8 +387,6 @@ int hostapd_set_wds_sta(struct hostapd_d
+@@ -390,8 +390,6 @@ int hostapd_set_wds_sta(struct hostapd_d
return -1;
if (hapd->conf->wds_bridge[0])
bridge = hapd->conf->wds_bridge;
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3041,6 +3041,14 @@ static int hostapd_config_fill(struct ho
+@@ -3065,6 +3065,14 @@ static int hostapd_config_fill(struct ho
line, bss->max_num_sta, MAX_STA_COUNT);
return 1;
}
} else if (os_strcmp(buf, "extended_key_id") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -1057,6 +1057,8 @@ struct hostapd_config {
+@@ -1072,6 +1072,8 @@ struct hostapd_config {
unsigned int track_sta_max_num;
unsigned int track_sta_max_age;
* ' ' (ascii 32): all environments
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -1567,7 +1567,7 @@ void handle_probe_req(struct hostapd_dat
+@@ -1573,7 +1573,7 @@ void handle_probe_req(struct hostapd_dat
if (hapd->conf->no_probe_resp_if_max_sta &&
is_multicast_ether_addr(mgmt->da) &&
is_multicast_ether_addr(mgmt->bssid) &&
{
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
-@@ -754,6 +754,7 @@ void hostapd_cleanup_cs_params(struct ho
+@@ -790,6 +790,7 @@ void hostapd_cleanup_cs_params(struct ho
void hostapd_periodic_iface(struct hostapd_iface *iface);
int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -3200,6 +3200,8 @@ static int hostapd_config_fill(struct ho
+@@ -3224,6 +3224,8 @@ static int hostapd_config_fill(struct ho
wpa_printf(MSG_INFO,
"Line %d: Obsolete peerkey parameter ignored", line);
#ifdef CONFIG_IEEE80211R_AP
int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
-@@ -1777,8 +1777,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1763,8 +1763,12 @@ int hostapd_setup_wpa(struct hostapd_dat
wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
const char *ft_iface;
int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/ap_drv_ops.h
+++ b/src/ap/ap_drv_ops.h
-@@ -366,12 +366,12 @@ static inline int hostapd_drv_br_port_se
+@@ -371,12 +371,12 @@ static inline int hostapd_drv_br_port_se
static inline int hostapd_drv_br_set_net_param(struct hostapd_data *hapd,
enum drv_br_net_param param,
hapd->x_snoop_initialized = false;
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -4278,7 +4278,7 @@ struct wpa_driver_ops {
+@@ -4315,7 +4315,7 @@ struct wpa_driver_ops {
* Returns: 0 on success, negative (<0) on failure
*/
int (*br_set_net_param)(void *priv, enum drv_br_net_param param,
* get_wowlan - Get wake-on-wireless status
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -12376,7 +12376,7 @@ static const char * drv_br_net_param_str
+@@ -12503,7 +12503,7 @@ static const char * drv_br_net_param_str
static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param,
{
struct i802_bss *bss = priv;
char path[128];
-@@ -12402,8 +12402,11 @@ static int wpa_driver_br_set_net_param(v
+@@ -12529,8 +12529,11 @@ static int wpa_driver_br_set_net_param(v
return -EINVAL;
}
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Thu, 23 Dec 2021 19:18:33 +0100
-Subject: [PATCH] hostapd: only attempt to set qos map if supported by the
- driver
-
-Fixes issues with brcmfmac
-
---- a/src/ap/ap_drv_ops.c
-+++ b/src/ap/ap_drv_ops.c
-@@ -998,7 +998,8 @@ int hostapd_start_dfs_cac(struct hostapd
- int hostapd_drv_set_qos_map(struct hostapd_data *hapd,
- const u8 *qos_map_set, u8 qos_map_set_len)
- {
-- if (!hapd->driver || !hapd->driver->set_qos_map || !hapd->drv_priv)
-+ if (!hapd->driver || !hapd->driver->set_qos_map || !hapd->drv_priv ||
-+ !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING))
- return 0;
- return hapd->driver->set_qos_map(hapd->drv_priv, qos_map_set,
- qos_map_set_len);
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -2819,6 +2819,8 @@ static int hostapd_config_fill(struct ho
+@@ -2840,6 +2840,8 @@ static int hostapd_config_fill(struct ho
} else if (os_strcmp(buf, "iapp_interface") == 0) {
wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
#endif /* CONFIG_IAPP */
+ int dynamic_own_ip_addr;
char *nas_identifier;
struct hostapd_radius_servers *radius;
- int acct_interim_interval;
+ int radius_require_message_authenticator;
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
-@@ -601,6 +601,10 @@ int add_common_radius_attr(struct hostap
+@@ -600,6 +600,10 @@ int add_common_radius_attr(struct hostap
struct hostapd_radius_attr *attr;
int len;
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -1510,6 +1510,7 @@ int hostapd_setup_bss(struct hostapd_dat
+@@ -1366,6 +1366,7 @@ static int hostapd_bss_radius_init(struc
- os_memset(&das_conf, 0, sizeof(das_conf));
- das_conf.port = conf->radius_das_port;
-+ das_conf.nas_identifier = conf->nas_identifier;
- das_conf.shared_secret = conf->radius_das_shared_secret;
- das_conf.shared_secret_len =
- conf->radius_das_shared_secret_len;
+ os_memset(&das_conf, 0, sizeof(das_conf));
+ das_conf.port = conf->radius_das_port;
++ das_conf.nas_identifier = conf->nas_identifier;
+ das_conf.shared_secret = conf->radius_das_shared_secret;
+ das_conf.shared_secret_len =
+ conf->radius_das_shared_secret_len;
--- a/src/radius/radius_das.c
+++ b/src/radius/radius_das.c
@@ -12,13 +12,26 @@
size_t shared_secret_len;
struct hostapd_ip_addr client_addr;
unsigned int time_window;
-@@ -378,56 +391,17 @@ fail:
+@@ -388,56 +401,17 @@ fail:
}
if (radius_msg_verify_das_req(msg, das->shared_secret,
das->shared_secret_len,
-@@ -494,9 +468,8 @@ static void radius_das_receive(int sock,
+@@ -504,9 +478,8 @@ static void radius_das_receive(int sock,
radius_msg_dump(reply);
rbuf = radius_msg_get_buf(reply);
if (res < 0) {
wpa_printf(MSG_ERROR, "DAS: sendto(to %s:%d): %s",
abuf, from_port, strerror(errno));
-@@ -508,6 +481,72 @@ fail:
+@@ -518,6 +491,72 @@ fail:
radius_msg_free(reply);
}
static int radius_das_open_socket(int port)
{
-@@ -533,6 +572,49 @@ static int radius_das_open_socket(int po
+@@ -543,6 +582,49 @@ static int radius_das_open_socket(int po
}
struct radius_das_data *
radius_das_init(struct radius_das_conf *conf)
{
-@@ -553,6 +635,8 @@ radius_das_init(struct radius_das_conf *
+@@ -563,6 +645,8 @@ radius_das_init(struct radius_das_conf *
das->ctx = conf->ctx;
das->disconnect = conf->disconnect;
das->coa = conf->coa;
os_memcpy(&das->client_addr, conf->client_addr,
sizeof(das->client_addr));
-@@ -565,19 +649,15 @@ radius_das_init(struct radius_das_conf *
+@@ -575,19 +659,15 @@ radius_das_init(struct radius_das_conf *
}
das->shared_secret_len = conf->shared_secret_len;
return das;
}
-@@ -588,11 +668,14 @@ void radius_das_deinit(struct radius_das
+@@ -598,11 +678,14 @@ void radius_das_deinit(struct radius_das
if (das == NULL)
return;
src/ap/beacon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/ap/beacon.c b/src/ap/beacon.c
-index 8cd1c4170..bb9329085 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -905,7 +905,7 @@ void handle_probe_req(struct hostapd_data *hapd,
+@@ -1416,7 +1416,7 @@ void handle_probe_req(struct hostapd_dat
* is less likely to see them (Probe Request frame sent on a
* neighboring, but partially overlapping, channel).
*/
hapd->iface->current_mode &&
(hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G ||
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211B) &&
---
-2.43.0
-
#ifndef CONFIG_NO_HOSTAPD_LOGGER
static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
-@@ -778,6 +779,11 @@ int main(int argc, char *argv[])
+@@ -788,6 +789,11 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
sess->macacl = tmp->macacl;
eap_user_free(tmp);
-@@ -1118,11 +1155,10 @@ radius_server_encapsulate_eap(struct rad
+@@ -1123,11 +1160,10 @@ radius_server_encapsulate_eap(struct rad
}
if (code == RADIUS_CODE_ACCESS_ACCEPT) {
wpa_printf(MSG_ERROR, "Could not add RADIUS attribute");
radius_msg_free(msg);
return NULL;
-@@ -1211,11 +1247,10 @@ radius_server_macacl(struct radius_serve
+@@ -1221,11 +1257,10 @@ radius_server_macacl(struct radius_serve
}
if (code == RADIUS_CODE_ACCESS_ACCEPT) {
wpa_printf(MSG_ERROR, "Could not add RADIUS attribute");
radius_msg_free(msg);
return NULL;
-@@ -2512,7 +2547,7 @@ static int radius_server_get_eap_user(vo
+@@ -2527,7 +2562,7 @@ static int radius_server_get_eap_user(vo
ret = data->get_eap_user(data->conf_ctx, identity, identity_len,
phase2, user);
if (ret == 0 && user) {
create mode 100644 src/ap/apup.c
create mode 100644 src/ap/apup.h
-diff --git a/hostapd/Makefile b/hostapd/Makefile
-index 73048c1297..c890a7f29c 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -1415,6 +1415,11 @@ ifdef CONFIG_NO_TKIP
+@@ -1416,6 +1416,11 @@ ifdef CONFIG_NO_TKIP
CFLAGS += -DCONFIG_NO_TKIP
endif
$(DESTDIR)$(BINDIR)/%: %
install -D $(<) $(@)
-diff --git a/hostapd/config_file.c b/hostapd/config_file.c
-index bba5b19164..ef906199ec 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -5058,6 +5058,15 @@ static int hostapd_config_fill(struct hostapd_config *conf,
+@@ -5125,6 +5125,15 @@ static int hostapd_config_fill(struct ho
bss->mld_indicate_disabled = atoi(pos);
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_IEEE80211BE */
} else {
wpa_printf(MSG_ERROR,
"Line %d: unknown configuration item '%s'",
-diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
-index 0e52a9990d..9102db5ed0 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -970,6 +970,35 @@ struct hostapd_bss_config {
+@@ -985,6 +985,35 @@ struct hostapd_bss_config {
bool mld_indicate_disabled;
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_IEEE80211BE */
};
/**
-diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
-index e7396d9aea..0a49ae515e 100644
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
-@@ -382,13 +382,39 @@ int hostapd_set_wds_sta(struct hostapd_data *hapd, char *ifname_wds,
+@@ -385,13 +385,39 @@ int hostapd_set_wds_sta(struct hostapd_d
const u8 *addr, int aid, int val)
{
const char *bridge = NULL;
}
-diff --git a/src/ap/ap_drv_ops.h b/src/ap/ap_drv_ops.h
-index fa89d2398e..ab4dc8eb16 100644
--- a/src/ap/ap_drv_ops.h
+++ b/src/ap/ap_drv_ops.h
-@@ -33,6 +33,9 @@ int hostapd_set_drv_ieee8021x(struct hostapd_data *hapd, const char *ifname,
+@@ -35,6 +35,9 @@ int hostapd_set_drv_ieee8021x(struct hos
int enabled);
int hostapd_vlan_if_add(struct hostapd_data *hapd, const char *ifname);
int hostapd_vlan_if_remove(struct hostapd_data *hapd, const char *ifname);
+ */
int hostapd_set_wds_sta(struct hostapd_data *hapd, char *ifname_wds,
const u8 *addr, int aid, int val);
-
-diff --git a/src/ap/apup.c b/src/ap/apup.c
-new file mode 100644
-index 0000000000..3575f1b6c6
+ int hostapd_sta_add(struct hostapd_data *hapd,
--- /dev/null
+++ b/src/ap/apup.c
@@ -0,0 +1,152 @@
+ " capabilities %d",
+ mIfname, sta_ret->flags, sta_ret->capability);
+}
-diff --git a/src/ap/apup.h b/src/ap/apup.h
-new file mode 100644
-index 0000000000..a14a283bb4
--- /dev/null
+++ b/src/ap/apup.h
@@ -0,0 +1,24 @@
+void apup_process_beacon(struct hostapd_data *hapd,
+ const struct ieee80211_mgmt *mgmt, size_t len,
+ const struct ieee802_11_elems *elems );
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 1c4dd22da1..09254f18f2 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -59,6 +59,9 @@
#ifdef CONFIG_FILS
static struct wpabuf *
-@@ -3469,8 +3472,8 @@ static u16 check_multi_ap(struct hostapd_data *hapd, struct sta_info *sta,
+@@ -3562,8 +3565,8 @@ static u16 check_multi_ap(struct hostapd
}
{
/* Supported rates not used in IEEE 802.11ad/DMG */
if (hapd->iface->current_mode &&
-@@ -3855,7 +3858,7 @@ static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
+@@ -3950,7 +3953,7 @@ static int __check_assoc_ies(struct host
elems->ext_capab_len);
if (resp != WLAN_STATUS_SUCCESS)
return resp;
if (resp != WLAN_STATUS_SUCCESS)
return resp;
-@@ -5927,6 +5930,11 @@ static void handle_beacon(struct hostapd_data *hapd,
+@@ -6002,6 +6005,11 @@ static void handle_beacon(struct hostapd
0);
ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
}
-diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h
-index a35486d464..0861bef82e 100644
--- a/src/ap/ieee802_11.h
+++ b/src/ap/ieee802_11.h
-@@ -108,6 +108,8 @@ int hostapd_process_ml_assoc_req_addr(struct hostapd_data *hapd,
+@@ -108,6 +108,8 @@ int hostapd_process_ml_assoc_req_addr(st
const u8 *basic_mle, size_t basic_mle_len,
u8 *mld_addr);
int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta);
u16 copy_sta_ht_capab(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *ht_capab);
u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta,
-diff --git a/src/drivers/driver.h b/src/drivers/driver.h
-index 1bbb9672cd..8d26561e97 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -3976,7 +3976,7 @@ struct wpa_driver_ops {
+@@ -4013,7 +4013,7 @@ struct wpa_driver_ops {
* Returns: 0 on success, -1 on failure
*/
int (*set_wds_sta)(void *priv, const u8 *addr, int aid, int val,
/**
* send_action - Transmit an Action frame
-diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
-index aeb1e6beef..b6e4ddd86d 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -8415,24 +8415,14 @@ static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
+@@ -8434,24 +8434,14 @@ static int have_ifidx(struct wpa_driver_
static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
" aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
if (val) {
---
-2.44.2
-
src/ap/ubus.h | 5 +++++
3 files changed, 28 insertions(+)
-diff --git a/src/ap/apup.c b/src/ap/apup.c
-index 3575f1b6c6..3a3991f4d6 100644
--- a/src/ap/apup.c
+++ b/src/ap/apup.c
@@ -23,6 +23,10 @@
void apup_process_beacon(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
const struct ieee802_11_elems *elems )
-@@ -149,4 +153,8 @@ void apup_process_beacon(struct hostapd_data *hapd,
+@@ -149,4 +153,8 @@ void apup_process_beacon(struct hostapd_
"apup_process_beacon(...) Added APuP peer at %s with flags: %d,"
" capabilities %d",
mIfname, sta_ret->flags, sta_ret->capability);
+ hostapd_ubus_notify_apup_newpeer(hapd, mgmt->bssid, mIfname);
+#endif
}
-diff --git a/src/ap/ubus.c b/src/ap/ubus.c
-index 8689494bcf..f21516fc3c 100644
--- a/src/ap/ubus.c
+++ b/src/ap/ubus.c
-@@ -2004,3 +2004,18 @@ int hostapd_ubus_notify_bss_transition_query(
+@@ -2004,3 +2004,18 @@ int hostapd_ubus_notify_bss_transition_q
return ureq.resp;
#endif
}
+ ubus_notify(ctx, &hapd->ubus.obj, "apup-newpeer", b.head, -1);
+}
+#endif // def CONFIG_APUP
-diff --git a/src/ap/ubus.h b/src/ap/ubus.h
-index 22767d67ee..1c65e4dcb9 100644
--- a/src/ap/ubus.h
+++ b/src/ap/ubus.h
-@@ -71,6 +71,11 @@ int hostapd_ubus_notify_bss_transition_query(
+@@ -71,6 +71,11 @@ int hostapd_ubus_notify_bss_transition_q
void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
const char *auth_alg);
#else
struct hostapd_ubus_bss {};
---
-2.44.2
-
src/ap/ucode.h | 4 ++++
3 files changed, 29 insertions(+)
-diff --git a/src/ap/apup.c b/src/ap/apup.c
-index 3a3991f4d6..f736ddc8e3 100644
--- a/src/ap/apup.c
+++ b/src/ap/apup.c
@@ -27,6 +27,10 @@
void apup_process_beacon(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
const struct ieee802_11_elems *elems )
-@@ -157,4 +161,8 @@ void apup_process_beacon(struct hostapd_data *hapd,
+@@ -157,4 +161,8 @@ void apup_process_beacon(struct hostapd_
#ifdef UBUS_SUPPORT
hostapd_ubus_notify_apup_newpeer(hapd, mgmt->bssid, mIfname);
#endif
+ hostapd_ucode_apup_newpeer(hapd, mIfname);
+#endif
}
-diff --git a/src/ap/ucode.c b/src/ap/ucode.c
-index d344190208..391002feae 100644
--- a/src/ap/ucode.c
+++ b/src/ap/ucode.c
-@@ -811,3 +811,20 @@ void hostapd_ucode_free_bss(struct hostapd_data *hapd)
+@@ -815,3 +815,20 @@ void hostapd_ucode_free_bss(struct hosta
ucv_put(wpa_ucode_call(2));
ucv_gc(vm);
}
+ ucv_gc(vm);
+}
+#endif // def CONFIG_APUP
-diff --git a/src/ap/ucode.h b/src/ap/ucode.h
-index d00b787169..c9bdde6516 100644
--- a/src/ap/ucode.h
+++ b/src/ap/ucode.h
-@@ -27,6 +27,10 @@ void hostapd_ucode_add_bss(struct hostapd_data *hapd);
+@@ -27,6 +27,10 @@ void hostapd_ucode_add_bss(struct hostap
void hostapd_ucode_free_bss(struct hostapd_data *hapd);
void hostapd_ucode_reload_bss(struct hostapd_data *hapd);
#else
static inline int hostapd_ucode_init(struct hapd_interfaces *ifaces)
---
-2.44.2
-
+++ /dev/null
-From 364c2da8741f0979dae497551e70b94c0e6c8636 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 7 Jul 2024 11:46:49 +0300
-Subject: [PATCH] SAE: Check for invalid Rejected Groups element length
- explicitly
-
-Instead of practically ignoring an odd octet at the end of the element,
-check for such invalid case explicitly. This is needed to avoid a
-potential group downgrade attack.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/ieee802_11.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1229,7 +1229,7 @@ static int check_sae_rejected_groups(str
- struct sae_data *sae)
- {
- const struct wpabuf *groups;
-- size_t i, count;
-+ size_t i, count, len;
- const u8 *pos;
-
- if (!sae->tmp)
-@@ -1239,7 +1239,15 @@ static int check_sae_rejected_groups(str
- return 0;
-
- pos = wpabuf_head(groups);
-- count = wpabuf_len(groups) / 2;
-+ len = wpabuf_len(groups);
-+ if (len & 1) {
-+ wpa_printf(MSG_DEBUG,
-+ "SAE: Invalid length of the Rejected Groups element payload: %zu",
-+ len);
-+ return 1;
-+ }
-+
-+ count = len / 2;
- for (i = 0; i < count; i++) {
- int enabled;
- u16 group;
+++ /dev/null
-From 593a7c2f8c93edd6b552f2d42e28164464b4e6ff Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 9 Jul 2024 23:33:38 +0300
-Subject: [PATCH] SAE: Check for invalid Rejected Groups element length
- explicitly on STA
-
-Instead of practically ignoring an odd octet at the end of the element,
-check for such invalid case explicitly. This is needed to avoid a
-potential group downgrade attack.
-
-Fixes: 444d76f74f65 ("SAE: Check that peer's rejected groups are not enabled")
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/sme.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -1561,14 +1561,21 @@ static int sme_sae_is_group_enabled(stru
- static int sme_check_sae_rejected_groups(struct wpa_supplicant *wpa_s,
- const struct wpabuf *groups)
- {
-- size_t i, count;
-+ size_t i, count, len;
- const u8 *pos;
-
- if (!groups)
- return 0;
-
- pos = wpabuf_head(groups);
-- count = wpabuf_len(groups) / 2;
-+ len = wpabuf_len(groups);
-+ if (len & 1) {
-+ wpa_printf(MSG_DEBUG,
-+ "SAE: Invalid length of the Rejected Groups element payload: %zu",
-+ len);
-+ return 1;
-+ }
-+ count = len / 2;
- for (i = 0; i < count; i++) {
- int enabled;
- u16 group;
+++ /dev/null
-From 9716bf1160beb677e965d9e6475d6c9e162e8374 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 9 Jul 2024 23:34:34 +0300
-Subject: [PATCH] SAE: Reject invalid Rejected Groups element in the parser
-
-There is no need to depend on all uses (i.e., both hostapd and
-wpa_supplicant) to verify that the length of the Rejected Groups field
-in the Rejected Groups element is valid (i.e., a multiple of two octets)
-since the common parser can reject the message when detecting this.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/common/sae.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -2120,6 +2120,12 @@ static int sae_parse_rejected_groups(str
- return WLAN_STATUS_UNSPECIFIED_FAILURE;
- epos++; /* skip ext ID */
- len--;
-+ if (len & 1) {
-+ wpa_printf(MSG_DEBUG,
-+ "SAE: Invalid length of the Rejected Groups element payload: %u",
-+ len);
-+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
-+ }
-
- wpabuf_free(sae->tmp->peer_rejected_groups);
- sae->tmp->peer_rejected_groups = wpabuf_alloc(len);
projects / openwrt / staging / xback.git / commitdiff