From c75d17688237a310cff1d5435db556f96dc0e6e9 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Tue, 27 Jul 2021 20:28:58 +0200
Subject: [PATCH] hostapd: make the snooping interface (for proxyarp)
 configurable

Use the VLAN interface instead of the bridge, to ensure that hostapd receives
untagged DHCP packets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7b46377a0cd9d809a3c340358121de77f005d4cc)
(cherry-picked from commit f1b98fa4fa8a86a9daf2a7177235f28cbd7c53ef)
---
 .../network/services/hostapd/files/hostapd.sh |  1 +
 .../hostapd/patches/740-snoop_iface.patch     | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 package/network/services/hostapd/patches/740-snoop_iface.patch

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 40c6d9b851e..d29bc13ccc3 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -730,6 +730,7 @@ hostapd_set_bss_options() {
 
 	append bss_conf "ssid=$ssid" "$N"
 	[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
+	[ -n "$network_ifname" ] && append bss_conf "snoop_iface=$network_ifname" "$N"
 	[ -n "$iapp_interface" ] && {
 		local ifname
 		network_get_device ifname "$iapp_interface" || ifname="$iapp_interface"
diff --git a/package/network/services/hostapd/patches/740-snoop_iface.patch b/package/network/services/hostapd/patches/740-snoop_iface.patch
new file mode 100644
index 00000000000..722d1e713ab
--- /dev/null
+++ b/package/network/services/hostapd/patches/740-snoop_iface.patch
@@ -0,0 +1,37 @@
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -278,6 +278,7 @@ struct hostapd_bss_config {
+ 	char iface[IFNAMSIZ + 1];
+ 	char bridge[IFNAMSIZ + 1];
+ 	char ft_iface[IFNAMSIZ + 1];
++	char snoop_iface[IFNAMSIZ + 1];
+ 	char vlan_bridge[IFNAMSIZ + 1];
+ 	char wds_bridge[IFNAMSIZ + 1];
+ 
+--- a/src/ap/x_snoop.c
++++ b/src/ap/x_snoop.c
+@@ -71,8 +71,12 @@ x_snoop_get_l2_packet(struct hostapd_dat
+ {
+ 	struct hostapd_bss_config *conf = hapd->conf;
+ 	struct l2_packet_data *l2;
++	const char *ifname = conf->bridge;
+ 
+-	l2 = l2_packet_init(conf->bridge, NULL, ETH_P_ALL, handler, hapd, 1);
++	if (conf->snoop_iface[0])
++		ifname = conf->snoop_iface;
++
++	l2 = l2_packet_init(ifname, NULL, ETH_P_ALL, handler, hapd, 1);
+ 	if (l2 == NULL) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "x_snoop: Failed to initialize L2 packet processing %s",
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -2357,6 +2357,8 @@ static int hostapd_config_fill(struct ho
+ 			   sizeof(conf->bss[0]->iface));
+ 	} else if (os_strcmp(buf, "bridge") == 0) {
+ 		os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
++	} else if (os_strcmp(buf, "snoop_iface") == 0) {
++		os_strlcpy(bss->snoop_iface, pos, sizeof(bss->snoop_iface));
+ 	} else if (os_strcmp(buf, "vlan_bridge") == 0) {
+ 		os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
+ 	} else if (os_strcmp(buf, "wds_bridge") == 0) {
-- 
2.30.2