hostapd: add radius based wispr/bandwidth control

Fixes: WIFI-4888 Signed-off-by: John Crispin <john@phrozen.org>
2025-10-29 09:32:34 +00:00 · 2021-11-09 12:50:31 +01:00
parent d61d5cd35e
commit ba406fe01b
4 changed files with 283 additions and 6 deletions
--- a/feeds/ucentral/ratelimit/files/usr/bin/ratelimit
+++ b/feeds/ucentral/ratelimit/files/usr/bin/ratelimit
@@ -39,8 +39,8 @@ delclient() {
 	TC class del dev $ifb parent 1:1 classid 1:$id
 }

-ingress=
-egress=
+ingress=0
+egress=0

 getrate() {
 	config_get ssid $1 ssid
@@ -55,12 +55,17 @@ addclient() {
 	local mac=$2
 	local ssid=$(cat /tmp/ratelimit.$iface)

+	egress=$3
+	ingress=$4
+
 	logger "ratelimit: adding client"

-	config_load ratelimit
-	config_foreach getrate rate $ssid
+	[ "$egress" -eq 0 -o $ingress -eq 0 ] && {
+		config_load ratelimit
+		config_foreach getrate rate $ssid
+	}

-	[ -z "$egress" -o -z $ingress ] && {
+	[ "$egress" -eq 0 -o $ingress -eq 0 ] && {
 		logger "ratelimit: no valid rates"
 		exit 1
 	}
--- a/feeds/ucentral/ratelimit/files/usr/libexec/ratelimit.sh
+++ b/feeds/ucentral/ratelimit/files/usr/libexec/ratelimit.sh
@@ -2,7 +2,7 @@

 case $2 in
 AP-STA-CONNECTED)
-	ratelimit addclient $1 $3
+	ratelimit addclient $1 $3 $4 $5
 	;;
 AP-STA-DISCONNECTED)
 	ratelimit delclient $1 $3
--- a/feeds/wifi-ax/hostapd/patches/750-wispr.patch
+++ b/feeds/wifi-ax/hostapd/patches/750-wispr.patch
@@ -0,0 +1,126 @@
+Index: hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/ieee802_1x.c
+++ hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
+@@ -1904,6 +1904,25 @@ static int ieee802_1x_update_vlan(struct
+ }
+ #endif /* CONFIG_NO_VLAN */
+ 
+static int ieee802_1x_update_wispr(struct hostapd_data *hapd,
+				   struct sta_info *sta,
+				   struct radius_msg *msg)
+{
+	memset(sta->bandwidth, 0, sizeof(sta->bandwidth));
+
+	if (radius_msg_get_wispr(msg, &sta->bandwidth))
+		return 0;
+
+	if (!sta->bandwidth[0] && !sta->bandwidth[1])
+		return 0;
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_INFO,
+		       "received wispr bandwidth from RADIUS server %d/%d",
+		       sta->bandwidth[0], sta->bandwidth[1]);
+
+	return 0;
+}
+ 
+ /**
+  * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
+@@ -2029,6 +2048,7 @@ ieee802_1x_receive_auth(struct radius_ms
+ 		ieee802_1x_check_hs20(hapd, sta, msg,
+ 				      session_timeout_set ?
+ 				      (int) session_timeout : -1);
+		ieee802_1x_update_wispr(hapd, sta, msg);
+ 		break;
+ 	case RADIUS_CODE_ACCESS_REJECT:
+ 		sm->eap_if->aaaFail = true;
+Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.h
+++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
+@@ -117,6 +117,7 @@ struct sta_info {
+ 	u8 supported_rates[WLAN_SUPP_RATES_MAX];
+ 	int supported_rates_len;
+ 	u8 qosinfo; /* Valid when WLAN_STA_WMM is set */
+	u32 bandwidth[2];
+ 
+ #ifdef CONFIG_MESH
+ 	enum mesh_plink_state plink_state;
+Index: hostapd-2021-02-20-59e9794c/src/radius/radius.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.c
+++ hostapd-2021-02-20-59e9794c/src/radius/radius.c
+@@ -1182,6 +1182,35 @@ radius_msg_get_cisco_keys(struct radius_
+ 	return keys;
+ }
+ 
+#define RADIUS_VENDOR_ID_WISPR	14122
+#define RADIUS_WISPR_AV_BW_UP	7
+#define RADIUS_WISPR_AV_BW_DOWN	8
+
+int
+radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth)
+{
+	int i;
+
+	if (msg == NULL || bandwidth == NULL)
+		return 1;
+
+	for (i = 0; i < 2; i++) {
+		size_t keylen;
+		u8 *key;
+
+		key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_WISPR,
+						 RADIUS_WISPR_AV_BW_UP + i, &keylen);
+		if (!key)
+			continue;
+
+		if (keylen == 4)
+			bandwidth[i] = ntohl(*((u32 *)key));
+		os_free(key);
+	}
+
+	return 0;
+}
+
+ 
+ int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ 			     const u8 *req_authenticator,
+Index: hostapd-2021-02-20-59e9794c/src/radius/radius.h
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.h
+++ hostapd-2021-02-20-59e9794c/src/radius/radius.h
+@@ -205,6 +205,10 @@ enum {
+ 	RADIUS_VENDOR_ATTR_WFA_HS20_T_C_URL = 10,
+ };
+ 
+#define RADIUS_VENDOR_ID_WISPR	14122
+#define RADIUS_WISPR_AV_BW_UP	7
+#define RADIUS_WISPR_AV_BW_DOWN	8
+
+ #ifdef _MSC_VER
+ #pragma pack(pop)
+ #endif /* _MSC_VER */
+@@ -277,6 +281,7 @@ radius_msg_get_ms_keys(struct radius_msg
+ struct radius_ms_mppe_keys *
+ radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
+ 			  const u8 *secret, size_t secret_len);
+int radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth);
+ int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ 			     const u8 *req_authenticator,
+ 			     const u8 *secret, size_t secret_len,
+Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.c
+++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
+@@ -1292,7 +1292,7 @@ void ap_sta_set_authorized(struct hostap
+ 			    MAC2STR(sta->addr), MAC2STR(dev_addr));
+ 	else
+ #endif /* CONFIG_P2P */
+-		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
+		os_snprintf(buf, sizeof(buf), MACSTR " %d %d", MAC2STR(sta->addr), sta->bandwidth[0] / 1000, sta->bandwidth[1] / 1000);
+ 
+ 	if (hapd->sta_authorized_cb)
+ 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
--- a/patches/0049-hostapd-add-wispr-bandwidth-patch.patch
+++ b/patches/0049-hostapd-add-wispr-bandwidth-patch.patch
@@ -0,0 +1,146 @@
+From 844a6bacb1c416ad5f56ee60142e786548dd659c Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Tue, 9 Nov 2021 12:49:43 +0100
+Subject: [PATCH] hostapd: add wispr bandwidth patch
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ .../services/hostapd/patches/750-wispr.patch  | 126 ++++++++++++++++++
+ 1 file changed, 126 insertions(+)
+ create mode 100644 package/network/services/hostapd/patches/750-wispr.patch
+
+diff --git a/package/network/services/hostapd/patches/750-wispr.patch b/package/network/services/hostapd/patches/750-wispr.patch
+new file mode 100644
+index 0000000000..f2f4a933d7
+--- /dev/null
+++ b/package/network/services/hostapd/patches/750-wispr.patch
+@@ -0,0 +1,126 @@
+Index: hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/ieee802_1x.c
++++ hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
+@@ -1904,6 +1904,25 @@ static int ieee802_1x_update_vlan(struct
+ }
+ #endif /* CONFIG_NO_VLAN */
+ 
++static int ieee802_1x_update_wispr(struct hostapd_data *hapd,
++				   struct sta_info *sta,
++				   struct radius_msg *msg)
++{
++	memset(sta->bandwidth, 0, sizeof(sta->bandwidth));
++
++	if (radius_msg_get_wispr(msg, &sta->bandwidth))
++		return 0;
++
++	if (!sta->bandwidth[0] && !sta->bandwidth[1])
++		return 0;
++
++	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
++		       HOSTAPD_LEVEL_INFO,
++		       "received wispr bandwidth from RADIUS server %d/%d",
++		       sta->bandwidth[0], sta->bandwidth[1]);
++
++	return 0;
++}
+ 
+ /**
+  * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
+@@ -2029,6 +2048,7 @@ ieee802_1x_receive_auth(struct radius_ms
+ 		ieee802_1x_check_hs20(hapd, sta, msg,
+ 				      session_timeout_set ?
+ 				      (int) session_timeout : -1);
++		ieee802_1x_update_wispr(hapd, sta, msg);
+ 		break;
+ 	case RADIUS_CODE_ACCESS_REJECT:
+ 		sm->eap_if->aaaFail = true;
+Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.h
++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
+@@ -117,6 +117,7 @@ struct sta_info {
+ 	u8 supported_rates[WLAN_SUPP_RATES_MAX];
+ 	int supported_rates_len;
+ 	u8 qosinfo; /* Valid when WLAN_STA_WMM is set */
++	u32 bandwidth[2];
+ 
+ #ifdef CONFIG_MESH
+ 	enum mesh_plink_state plink_state;
+Index: hostapd-2021-02-20-59e9794c/src/radius/radius.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.c
++++ hostapd-2021-02-20-59e9794c/src/radius/radius.c
+@@ -1182,6 +1182,35 @@ radius_msg_get_cisco_keys(struct radius_
+ 	return keys;
+ }
+ 
++#define RADIUS_VENDOR_ID_WISPR	14122
++#define RADIUS_WISPR_AV_BW_UP	7
++#define RADIUS_WISPR_AV_BW_DOWN	8
++
++int
++radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth)
++{
++	int i;
++
++	if (msg == NULL || bandwidth == NULL)
++		return 1;
++
++	for (i = 0; i < 2; i++) {
++		size_t keylen;
++		u8 *key;
++
++		key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_WISPR,
++						 RADIUS_WISPR_AV_BW_UP + i, &keylen);
++		if (!key)
++			continue;
++
++		if (keylen == 4)
++			bandwidth[i] = ntohl(*((u32 *)key));
++		os_free(key);
++	}
++
++	return 0;
++}
++
+ 
+ int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ 			     const u8 *req_authenticator,
+Index: hostapd-2021-02-20-59e9794c/src/radius/radius.h
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.h
++++ hostapd-2021-02-20-59e9794c/src/radius/radius.h
+@@ -205,6 +205,10 @@ enum {
+ 	RADIUS_VENDOR_ATTR_WFA_HS20_T_C_URL = 10,
+ };
+ 
++#define RADIUS_VENDOR_ID_WISPR	14122
++#define RADIUS_WISPR_AV_BW_UP	7
++#define RADIUS_WISPR_AV_BW_DOWN	8
++
+ #ifdef _MSC_VER
+ #pragma pack(pop)
+ #endif /* _MSC_VER */
+@@ -277,6 +281,7 @@ radius_msg_get_ms_keys(struct radius_msg
+ struct radius_ms_mppe_keys *
+ radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
+ 			  const u8 *secret, size_t secret_len);
++int radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth);
+ int radius_msg_add_mppe_keys(struct radius_msg *msg,
+ 			     const u8 *req_authenticator,
+ 			     const u8 *secret, size_t secret_len,
+Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
+===================================================================
+--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.c
++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.c
+@@ -1292,7 +1292,7 @@ void ap_sta_set_authorized(struct hostap
+ 			    MAC2STR(sta->addr), MAC2STR(dev_addr));
+ 	else
+ #endif /* CONFIG_P2P */
+-		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
++		os_snprintf(buf, sizeof(buf), MACSTR " %d %d", MAC2STR(sta->addr), sta->bandwidth[0] / 1000, sta->bandwidth[1] / 1000);
+ 
+ 	if (hapd->sta_authorized_cb)
+ 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
+-- 
+2.25.1
+