From: John Crispin Date: Fri, 29 Nov 2024 07:40:08 +0000 (+0100) Subject: hostapd: add radius WISPr rate control AVPs X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=461d9dca89ea209ab98388d2900efb59b3015581;p=openwrt%2Fopenwrt.git hostapd: add radius WISPr rate control AVPs This allows a radius server to send AVPs for client rate control inside the accept message. Further add the ratelimits to the sta-authorized ubus notification. Signed-off-by: John Crispin --- diff --git a/package/network/services/hostapd/patches/763-radius-wispr.patch b/package/network/services/hostapd/patches/763-radius-wispr.patch new file mode 100644 index 0000000000..da81a623e7 --- /dev/null +++ b/package/network/services/hostapd/patches/763-radius-wispr.patch @@ -0,0 +1,105 @@ +--- a/src/ap/ieee802_1x.c ++++ b/src/ap/ieee802_1x.c +@@ -2035,6 +2035,25 @@ static int ieee802_1x_update_vlan(struct + } + #endif /* CONFIG_NO_VLAN */ + ++static int ieee802_1x_update_wispr(struct hostapd_data *hapd, ++ struct sta_info *sta, ++ struct radius_msg *msg) ++{ ++ memset(sta->bandwidth, 0, sizeof(sta->bandwidth)); ++ ++ if (radius_msg_get_wispr(msg, sta->bandwidth)) ++ return 0; ++ ++ if (!sta->bandwidth[0] && !sta->bandwidth[1]) ++ return 0; ++ ++ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, ++ HOSTAPD_LEVEL_INFO, ++ "received wispr bandwidth from RADIUS server %d/%d", ++ sta->bandwidth[0], sta->bandwidth[1]); ++ ++ return 0; ++} + + /** + * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server +@@ -2151,6 +2170,7 @@ ieee802_1x_receive_auth(struct radius_ms + ieee802_1x_check_hs20(hapd, sta, msg, + session_timeout_set ? + (int) session_timeout : -1); ++ ieee802_1x_update_wispr(hapd, sta, msg); + break; + case RADIUS_CODE_ACCESS_REJECT: + sm->eap_if->aaaFail = true; +--- a/src/ap/sta_info.h ++++ b/src/ap/sta_info.h +@@ -95,6 +95,7 @@ struct sta_info { + u8 supported_rates[WLAN_SUPP_RATES_MAX]; + int supported_rates_len; + u8 qosinfo; /* Valid when WLAN_STA_WMM is set */ ++ u32 bandwidth[2]; + + #ifdef CONFIG_MESH + enum mesh_plink_state plink_state; +--- a/src/radius/radius.c ++++ b/src/radius/radius.c +@@ -1339,6 +1339,35 @@ radius_msg_get_cisco_keys(struct radius_ + return keys; + } + ++#define RADIUS_VENDOR_ID_WISPR 14122 ++#define RADIUS_WISPR_AV_BW_UP 7 ++#define RADIUS_WISPR_AV_BW_DOWN 8 ++ ++int ++radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth) ++{ ++ int i; ++ ++ if (msg == NULL || bandwidth == NULL) ++ return 1; ++ ++ for (i = 0; i < 2; i++) { ++ size_t keylen; ++ u8 *key; ++ ++ key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_WISPR, ++ RADIUS_WISPR_AV_BW_UP + i, &keylen); ++ if (!key) ++ continue; ++ ++ if (keylen == 4) ++ bandwidth[i] = ntohl(*((u32 *)key)); ++ os_free(key); ++ } ++ ++ return 0; ++} ++ + + int radius_msg_add_mppe_keys(struct radius_msg *msg, + const u8 *req_authenticator, +--- a/src/radius/radius.h ++++ b/src/radius/radius.h +@@ -233,6 +233,10 @@ enum { + RADIUS_VENDOR_ATTR_WFA_HS20_T_C_URL = 10, + }; + ++#define RADIUS_VENDOR_ID_WISPR 14122 ++#define RADIUS_WISPR_AV_BW_UP 7 ++#define RADIUS_WISPR_AV_BW_DOWN 8 ++ + #ifdef _MSC_VER + #pragma pack(pop) + #endif /* _MSC_VER */ +@@ -306,6 +310,7 @@ radius_msg_get_ms_keys(struct radius_msg + struct radius_ms_mppe_keys * + radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg, + const u8 *secret, size_t secret_len); ++int radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth); + int radius_msg_add_mppe_keys(struct radius_msg *msg, + const u8 *req_authenticator, + const u8 *secret, size_t secret_len, diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c index 2256720755..b026158357 100644 --- a/package/network/services/hostapd/src/src/ap/ubus.c +++ b/package/network/services/hostapd/src/src/ap/ubus.c @@ -1876,6 +1876,13 @@ void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info * blobmsg_add_string(&b, "ifname", hapd->conf->iface); if (auth_alg) blobmsg_add_string(&b, "auth-alg", auth_alg); + if (sta->bandwidth[0] || sta->bandwidth[1]) { + void *r = blobmsg_open_array(&b, "rate-limit"); + + blobmsg_add_u32(&b, "", sta->bandwidth[0]); + blobmsg_add_u32(&b, "", sta->bandwidth[1]); + blobmsg_close_array(&b, r); + } ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1); }