Merge pull request #730 from Telecominfraproject/main

RC2 changes

.github/workflows/build-dev.yml

@@ -21,7 +21,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        target: [ 'cig_wf186h', 'cig_wf186w', 'cig_wf188n', 'cig_wf196', 'cig_wf189', 'cybertan_eww631-a1', 'cybertan_eww631-b1', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_eap105', 'edgecore_eap111', 'edgecore_ecw5211', 'edgecore_oap101', 'edgecore_oap101-6e', 'edgecore_oap101e', 'edgecore_oap101e-6e', 'hfcl_ion4', 'hfcl_ion4xe', 'hfcl_ion4xi', 'hfcl_ion4x', 'hfcl_ion4x_2', 'hfcl_ion4x_3', 'hfcl_ion4xi_w', 'hfcl_ion4x_w', 'indio_um-305ax', 'indio_um-325ac', 'indio_um-510ac-v3', 'indio_um-550ac', 'sercomm_ap72tip', 'udaya_a5-id2', 'udaya_a6-id2', 'wallys_dr40x9', 'wallys_dr6018', 'wallys_dr6018-v4', 'yuncore_ax820', 'yuncore_ax840', 'yuncore_fap640', 'yuncore_fap650', 'yuncore_fap655' ]
+        target: [ 'cig_wf186h', 'cig_wf186w', 'cig_wf188n', 'cig_wf196', 'cig_wf189', 'cybertan_eww631-a1', 'cybertan_eww631-b1','sonicfi_rap630c-311g', 'sonicfi_rap630w-311g', 'sonicfi_rap630w-211g', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_eap105', 'edgecore_eap111', 'edgecore_eap112', 'edgecore_oap101', 'edgecore_oap101-6e', 'edgecore_oap101e', 'edgecore_oap101e-6e', 'hfcl_ion4xe', 'hfcl_ion4xi', 'hfcl_ion4x', 'hfcl_ion4x_2', 'hfcl_ion4x_3', 'hfcl_ion4xi_w', 'hfcl_ion4x_w', 'indio_um-305ax', 'sercomm_ap72tip', 'udaya_a6-id2', 'wallys_dr5018', 'wallys_dr6018', 'wallys_dr6018-v4', 'yuncore_ax820', 'yuncore_ax840', 'yuncore_fap640', 'yuncore_fap650', 'yuncore_fap655' ]
 
     steps:
     - uses: actions/checkout@v3

feeds/hostapd/hostapd/files/hostapd.sh

@@ -47,8 +47,8 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 		;;
 		eap192)
-			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
-			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+			[ "${ieee80211r:-0}" -gt 0 ] || append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP-SHA384"
 		;;
 		eap-eap2)
 			append wpa_key_mgmt "WPA-EAP"
@@ -73,6 +73,10 @@ hostapd_append_wpa_key_mgmt() {
 		owe)
 			append wpa_key_mgmt "OWE"
 		;;
+		psk2-radius)
+			append wpa_key_mgmt "WPA-PSK"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
+		;;
 	esac
 
 	[ "$fils" -gt 0 ] && {
@@ -126,9 +130,30 @@ hostapd_common_add_device_config() {
 
 	config_add_boolean multiple_bssid rnr_beacon he_co_locate ema
 
+	config_add_boolean afc
+	config_add_string \
+		afc_request_version afc_request_id afc_serial_number \
+		afc_location_type afc_location afc_height afc_height_type
+	config_add_array afc_cert_ids afc_freq_range afc_op_class
+	config_add_int \
+		afc_min_power afc_major_axis afc_minor_axis afc_orientation \
+		afc_vertical_tolerance
+
 	hostapd_add_log_config
 }
 
+
+hostapd_get_list() {
+	local var="$1"
+	local field="$2"
+
+	local cur __val_list
+	json_get_values __val_list "$field"
+	for cur in $__val_list; do
+		append "$var" "$cur" ","
+	done
+}
+
 hostapd_prepare_device_config() {
 	local config="$1"
 	local driver="$2"
@@ -139,7 +164,7 @@ hostapd_prepare_device_config() {
 		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
 		rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc \
 		multiple_bssid he_co_locate rnr_beacon ema acs_exclude_dfs \
-		maxassoc_ignore_probe
+		maxassoc_ignore_probe band
 
 	hostapd_set_log_options base_cfg
 
@@ -252,6 +277,45 @@ hostapd_prepare_device_config() {
 	[ "$multiple_bssid" -gt 0 ] && append base_cfg "multiple_bssid=$multiple_bssid" "$N"
 	[ "$ema" -gt 0 ] && append base_cfg "ema=$ema" "$N"
 	[ "$acs_exclude_dfs" -gt 0 ] && append base_cfg "acs_exclude_dfs=$acs_exclude_dfs" "$N"
+	if [ "$band" = "6g" ]; then
+		json_get_vars afc he_6ghz_reg_pwr_type
+	else
+		afc=0
+		he_6ghz_reg_pwr_type=
+	fi
+	set_default afc 0
+	[ "$afc" -gt 0 ] && {
+		for v in afc_request_version afc_request_id afc_serial_number afc_min_power afc_height afc_height_type afc_vertical_tolerance \
+				 afc_major_axis afc_minor_axis afc_orientation; do
+			json_get_var val $v
+			append base_cfg "$v=$val" "$N"
+		done
+
+		for v in afc_cert_ids afc_op_class afc_freq_range; do
+			val=
+			hostapd_get_list val $v
+			append base_cfg "$v=$val" "$N"
+		done
+
+		json_get_vars afc_location_type afc_location
+		case "$afc_location_type" in
+			ellipse)
+				append base_cfg "afc_location_type=0" "$N"
+				append base_cfg "afc_linear_polygon=$afc_location" "$N"
+			;;
+			linear_polygon)
+				append base_cfg "afc_location_type=1" "$N"
+				append base_cfg "afc_linear_polygon=$afc_location" "$N"
+			;;
+			radial_polygon)
+				append base_cfg "afc_location_type=2" "$N"
+				append base_cfg "afc_radial_polygon=$afc_location" "$N"
+			;;
+		esac
+
+		he_6ghz_reg_pwr_type=1
+	}
+	[ -n "$he_6ghz_reg_pwr_type" ] && append base_cfg "he_6ghz_reg_pwr_type=$he_6ghz_reg_pwr_type" "$N"
 
 	json_get_values opts hostapd_options
 	for val in $opts; do
@@ -344,8 +408,8 @@ hostapd_common_add_bss_config() {
 	config_add_string lci civic
 
 	config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
-	config_add_int r0_key_lifetime reassociation_deadline
-	config_add_string mobility_domain r1_key_holder
+	config_add_int r0_key_lifetime reassociation_deadline ft_l2_refresh
+	config_add_string mobility_domain r1_key_holder ft_key
 	config_add_array r0kh r1kh
 
 	config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
@@ -439,6 +503,7 @@ hostapd_set_psk() {
 	local ifname="$1"
 
 	rm -f /var/run/hostapd-${ifname}.psk
+	touch /var/run/hostapd-${ifname}.psk
 	for_each_station hostapd_set_psk_file ${ifname}
 }
 
@@ -602,7 +667,7 @@ append_radius_server() {
 	set_default dae_port 3799
 	set_default request_cui 0
 
-	[ "$eap_server" -eq 0 ] && {
+	[ "$eap_server" -eq 0  -a -n "$auth_server" ] && {
 		append bss_conf "auth_server_addr=$auth_server" "$N"
 		append bss_conf "auth_server_port=$auth_port" "$N"
 		append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
@@ -724,8 +789,7 @@ hostapd_set_bss_options() {
 		[ -n "$wpa_strict_rekey" ] && append bss_conf "wpa_strict_rekey=$wpa_strict_rekey" "$N"
 	}
 
-	set_default nasid "${macaddr//\:}"
-	append bss_conf "nas_identifier=$nasid" "$N"
+	[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N"
 
 	[ -n "$acct_server" ] && {
 		append bss_conf "acct_server_addr=$acct_server" "$N"
@@ -772,9 +836,7 @@ hostapd_set_bss_options() {
 			# with WPS enabled, we got to be in unconfigured state.
 			wps_not_configured=1
 			vlan_possible=1
-			[ "$macfilter" = radius ] && {
-				append_radius_server
-			}
+			append_radius_server
 		;;
 		psk|sae|psk-sae)
 			json_get_vars key wpa_psk_file
@@ -793,6 +855,7 @@ hostapd_set_bss_options() {
 			}
 			[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
 
+			append_radius_server
 			set_default dynamic_vlan 0
 			vlan_possible=1
 			wps_possible=1
@@ -925,10 +988,11 @@ hostapd_set_bss_options() {
 		set_default ieee80211r 0
 
 		if [ "$ieee80211r" -gt "0" ]; then
-			json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
+			json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline ft_l2_refresh
 
 			set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
 			set_default ft_over_ds 1
+			set_default ft_l2_refresh 30
 			set_default reassociation_deadline 1000
 			skip_kh_setup=0
 
@@ -951,9 +1015,10 @@ hostapd_set_bss_options() {
 			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
 			append bss_conf "ft_over_ds=$ft_over_ds" "$N"
 			append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
+			[ -n "$ft_l2_refresh" ] && append bss_conf "ft_l2_refresh=$ft_l2_refresh" "$N"
 
 			if [ "$skip_kh_setup" -eq "0" ]; then
-				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
+				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push ft_key
 				json_get_values r0kh r0kh
 				json_get_values r1kh r1kh
 
@@ -961,12 +1026,15 @@ hostapd_set_bss_options() {
 				set_default pmk_r1_push 0
 
 				[ -n "$r0kh" -a -n "$r1kh" ] || {
-					key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`
+					[ -z "$ft_key" ] && {
+						key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`
 
-					set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
-					set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
+						set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
+						set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
+					}
 				}
 
+				[ -n "$ft_key" ] && append bss_conf "ft_key=$ft_key" "$N"
 				[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
 				append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
 				append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"

feeds/hostapd/hostapd/patches/600-ubus_support.patch

@@ -292,7 +292,7 @@
  
 -		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
 -			buf, ip_addr, keyid_buf, dpp_pkhash_buf);
-+		hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
++		hostapd_ubus_notify_authorized(hapd, sta);
 +		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
 +			buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
  
@@ -458,16 +458,6 @@
  }
  
  
-@@ -352,6 +355,9 @@ void hostapd_handle_radio_measurement(st
- 		   mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
- 
- 	switch (mgmt->u.action.u.rrm.action) {
-+	case WLAN_RRM_LINK_MEASUREMENT_REPORT:
-+		hostapd_ubus_handle_link_measurement(hapd, buf, len);
-+		break;
- 	case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
- 		hostapd_handle_radio_msmt_report(hapd, buf, len);
- 		break;
 --- a/src/ap/vlan_init.c
 +++ b/src/ap/vlan_init.c
 @@ -22,6 +22,7 @@

feeds/hostapd/hostapd/patches/601-ucode_support.patch

@@ -88,6 +88,14 @@
  void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
  			   int reassoc);
  void hostapd_interface_deinit_free(struct hostapd_iface *iface);
+@@ -732,6 +741,7 @@ hostapd_switch_channel_fallback(struct h
+ void hostapd_cleanup_cs_params(struct hostapd_data *hapd);
+ void hostapd_periodic_iface(struct hostapd_iface *iface);
+ int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
++void hostapd_owe_update_trans(struct hostapd_iface *iface);
+ void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
+ 
+ void hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
 @@ -252,6 +252,8 @@ int hostapd_reload_config(struct hostapd
@@ -107,6 +115,15 @@
  	hostapd_ubus_free_bss(hapd);
  	accounting_deinit(hapd);
  	hostapd_deinit_wpa(hapd);
+@@ -538,7 +541,7 @@ void hostapd_free_hapd_data(struct hosta
+  * Most of the modules that are initialized in hostapd_setup_bss() are
+  * deinitialized here.
+  */
+-static void hostapd_cleanup(struct hostapd_data *hapd)
++void hostapd_cleanup(struct hostapd_data *hapd)
+ {
+ 	wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s))", __func__, hapd,
+ 		   hapd->conf ? hapd->conf->iface : "N/A");
 @@ -600,6 +603,7 @@ void hostapd_cleanup_iface_partial(struc
  static void hostapd_cleanup_iface(struct hostapd_iface *iface)
  {
@@ -123,17 +140,25 @@
  
  	return 0;
  }
-@@ -1211,8 +1216,7 @@ static int hostapd_start_beacon(struct h
+@@ -1211,7 +1216,7 @@ static int hostapd_start_beacon(struct h
   * initialized. Most of the modules that are initialized here will be
   * deinitialized in hostapd_cleanup().
   */
 -static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
--			     bool start_beacon)
-+int hostapd_setup_bss(struct hostapd_data *hapd, int first, bool start_beacon)
++int hostapd_setup_bss(struct hostapd_data *hapd, int first,
+ 			     bool start_beacon)
  {
  	struct hostapd_bss_config *conf = hapd->conf;
- 	u8 ssid[SSID_MAX_LEN + 1];
-@@ -2698,7 +2702,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -2237,7 +2242,7 @@ static int hostapd_owe_iface_iter2(struc
+ #endif /* CONFIG_OWE */
+ 
+ 
+-static void hostapd_owe_update_trans(struct hostapd_iface *iface)
++void hostapd_owe_update_trans(struct hostapd_iface *iface)
+ {
+ #ifdef CONFIG_OWE
+ 	/* Check whether the enabled BSS can complete OWE transition mode
+@@ -2698,7 +2703,7 @@ hostapd_alloc_bss_data(struct hostapd_if
  }
  
  
@@ -142,7 +167,7 @@
  {
  	if (!hapd)
  		return;
-@@ -3491,7 +3495,8 @@ int hostapd_remove_iface(struct hapd_int
+@@ -3491,7 +3496,8 @@ int hostapd_remove_iface(struct hapd_int
  		hapd_iface = interfaces->iface[i];
  		if (hapd_iface == NULL)
  			return -1;
@@ -353,7 +378,7 @@
  				     tb[NL80211_ATTR_CENTER_FREQ1],
  				     tb[NL80211_ATTR_CENTER_FREQ2],
  				     tb[NL80211_ATTR_PUNCT_BITMAP],
-+				     NULL,
++					 NULL,
  				     1);
  		break;
  	case NL80211_CMD_DISCONNECT:
@@ -551,3 +576,148 @@
  	.send_mlme = driver_nl80211_send_mlme,
  	.get_hw_feature_data = nl80211_get_hw_feature_data,
  	.sta_add = wpa_driver_nl80211_sta_add,
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -547,11 +547,16 @@ static const char * sae_get_password(str
+ 				     struct sae_pt **s_pt,
+ 				     const struct sae_pk **s_pk)
+ {
++	struct hostapd_bss_config *conf = hapd->conf;
++	struct hostapd_ssid *ssid = &conf->ssid;
++	struct hostapd_sta_wpa_psk_short *psk;
+ 	const char *password = NULL;
+-	struct sae_password_entry *pw;
+-	struct sae_pt *pt = NULL;
+-	const struct sae_pk *pk = NULL;
+-	struct hostapd_sta_wpa_psk_short *psk = NULL;
++	struct sae_password_entry *pw = NULL;
++ 	struct sae_pt *pt = NULL;
++ 	const struct sae_pk *pk = NULL;
++ 
++	if (sta && sta->use_sta_psk)
++		goto use_sta_psk;
+ 
+ 	for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) {
+ 		if (!is_broadcast_ether_addr(pw->peer_addr) &&
+@@ -582,6 +587,31 @@ static const char * sae_get_password(str
+ 		}
+ 	}
+ 
++use_sta_psk:
++	if (!password && sta) {
++		for (psk = sta->psk; psk; psk = psk->next) {
++			if (!psk->is_passphrase)
++				continue;
++
++			password = psk->passphrase;
++			if (!sta->use_sta_psk)
++				break;
++
++			if (sta->sae_pt) {
++				pt = sta->sae_pt;
++				break;
++			}
++
++			pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
++					   ssid->ssid_len,
++					   (const u8 *) password,
++					   os_strlen(password),
++					   NULL);
++			sta->sae_pt = pt;
++			break;
++		}
++	}
++
+ 	if (pw_entry)
+ 		*pw_entry = pw;
+ 	if (s_pt)
+@@ -3105,6 +3135,12 @@ static void handle_auth(struct hostapd_d
+ 		goto fail;
+ 	}
+ 
++	res = hostapd_ucode_sta_auth(hapd, sta);
++	if (res) {
++		resp = res;
++		goto fail;
++	}
++
+ 	sta->flags &= ~WLAN_STA_PREAUTH;
+ 	ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
+ 
+--- a/src/ap/sta_info.c
++++ b/src/ap/sta_info.c
+@@ -425,6 +425,9 @@ void ap_free_sta(struct hostapd_data *ha
+ 	forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
+ #endif /* CONFIG_TESTING_OPTIONS */
+ 
++	if (sta->sae_pt)
++		sae_deinit_pt(sta->sae_pt);
++
+ 	os_free(sta);
+ }
+ 
+@@ -1326,6 +1329,8 @@ void ap_sta_set_authorized(struct hostap
+ 		sta->flags &= ~WLAN_STA_AUTHORIZED;
+ 	}
+ 
++	if (authorized)
++		hostapd_ucode_sta_connected(hapd, sta);
+ #ifdef CONFIG_P2P
+ 	if (hapd->p2p_group == NULL) {
+ 		if (sta->p2p_ie != NULL &&
+--- a/src/ap/sta_info.h
++++ b/src/ap/sta_info.h
+@@ -198,6 +198,9 @@ struct sta_info {
+ 	int vlan_id_bound; /* updated by ap_sta_bind_vlan() */
+ 	 /* PSKs from RADIUS authentication server */
+ 	struct hostapd_sta_wpa_psk_short *psk;
++	struct sae_pt *sae_pt;
++	int use_sta_psk;
++	int psk_idx;
+ 
+ 	char *identity; /* User-Name from RADIUS */
+ 	char *radius_cui; /* Chargeable-User-Identity from RADIUS */
+--- a/src/ap/wpa_auth_glue.c
++++ b/src/ap/wpa_auth_glue.c
+@@ -341,6 +341,7 @@ static const u8 * hostapd_wpa_auth_get_p
+ 	struct sta_info *sta = ap_get_sta(hapd, addr);
+ 	const u8 *psk;
+ 
++	sta->psk_idx = 0;
+ 	if (vlan_id)
+ 		*vlan_id = 0;
+ 	if (psk_len)
+@@ -387,13 +388,18 @@ static const u8 * hostapd_wpa_auth_get_p
+ 	 * returned psk which should not be returned again.
+ 	 * logic list (all hostapd_get_psk; all sta->psk)
+ 	 */
++	if (sta && sta->use_sta_psk)
++		psk = NULL;
+ 	if (sta && sta->psk && !psk) {
+ 		struct hostapd_sta_wpa_psk_short *pos;
++		int psk_idx;
+ 
+ 		if (vlan_id)
+ 			*vlan_id = 0;
+ 		psk = sta->psk->psk;
++		sta->psk_idx = psk_idx = 1;
+ 		for (pos = sta->psk; pos; pos = pos->next) {
++			psk_idx++;
+ 			if (pos->is_passphrase) {
+ 				if (pbkdf2_sha1(pos->passphrase,
+ 						hapd->conf->ssid.ssid,
+@@ -406,10 +412,14 @@ static const u8 * hostapd_wpa_auth_get_p
+ 				pos->is_passphrase = 0;
+ 			}
+ 			if (pos->psk == prev_psk) {
++				sta->psk_idx = psk_idx;
+ 				psk = pos->next ? pos->next->psk : NULL;
+ 				break;
+ 			}
+ 		}
++
++		if (!psk)
++			sta->psk_idx = 0;
+ 	}
+ 	return psk;
+ }

feeds/hostapd/hostapd/patches/751-wispr-ft.patch

@@ -0,0 +1,539 @@
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -16,7 +16,11 @@
+ 
+ struct vlan_description;
+ struct mld_info;
+-
++struct rate_description {
++	u32 rx;
++	u32 tx;
++};
++ 
+ #define MAX_OWN_IE_OVERRIDE 256
+ 
+ #ifdef _MSC_VER
+@@ -88,6 +92,7 @@ struct ft_rrb_frame {
+ #define FT_RRB_IDENTITY      15
+ #define FT_RRB_RADIUS_CUI    16
+ #define FT_RRB_SESSION_TIMEOUT  17 /* le32 seconds */
++#define FT_RRB_RATE_LIMIT	18
+ 
+ struct ft_rrb_tlv {
+ 	le16 type;
+@@ -368,6 +373,10 @@ struct wpa_auth_callbacks {
+ 			struct vlan_description *vlan);
+ 	int (*get_vlan)(void *ctx, const u8 *sta_addr,
+ 			struct vlan_description *vlan);
++	int (*set_rate_limit)(void *ctx, const u8 *sta_addr,
++			      struct rate_description *rate);
++	int (*get_rate_limit)(void *ctx, const u8 *sta_addr,
++			      struct rate_description *rate);
+ 	int (*set_identity)(void *ctx, const u8 *sta_addr,
+ 			    const u8 *identity, size_t identity_len);
+ 	size_t (*get_identity)(void *ctx, const u8 *sta_addr, const u8 **buf);
+@@ -536,7 +545,7 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
+ 			struct vlan_description *vlan,
+ 			const u8 **identity, size_t *identity_len,
+ 			const u8 **radius_cui, size_t *radius_cui_len,
+-			int *session_timeout);
++			int *session_timeout, struct rate_description *rate);
+ 
+ #endif /* CONFIG_IEEE80211R_AP */
+ 
+--- a/src/ap/wpa_auth_glue.c
++++ b/src/ap/wpa_auth_glue.c
+@@ -1200,6 +1200,40 @@ static int hostapd_wpa_auth_get_vlan(voi
+ }
+ 
+ 
++static int hostapd_wpa_auth_set_rate_limit(void *ctx, const u8 *sta_addr,
++					   struct rate_description *rate)
++{
++	struct hostapd_data *hapd = ctx;
++	struct sta_info *sta;
++
++	sta = ap_get_sta(hapd, sta_addr);
++	if (!sta || !sta->wpa_sm)
++		return -1;
++
++	memcpy(sta->bandwidth, rate, sizeof(*rate));
++	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
++		       HOSTAPD_LEVEL_INFO, "rate-limit %d %d", sta->bandwidth[0], sta->bandwidth[1]);
++
++	return 0;
++}
++
++
++static int hostapd_wpa_auth_get_rate_limit(void *ctx, const u8 *sta_addr,
++					   struct rate_description *rate)
++{
++	struct hostapd_data *hapd = ctx;
++	struct sta_info *sta;
++
++	sta = ap_get_sta(hapd, sta_addr);
++	if (!sta)
++		return -1;
++
++	memcpy(rate, sta->bandwidth, sizeof(*rate));
++
++	return 0;
++}
++
++
+ static int
+ hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr,
+ 			      const u8 *identity, size_t identity_len)
+@@ -1640,6 +1674,8 @@ int hostapd_setup_wpa(struct hostapd_dat
+ 		.add_tspec = hostapd_wpa_auth_add_tspec,
+ 		.set_vlan = hostapd_wpa_auth_set_vlan,
+ 		.get_vlan = hostapd_wpa_auth_get_vlan,
++		.set_rate_limit = hostapd_wpa_auth_set_rate_limit,
++		.get_rate_limit = hostapd_wpa_auth_get_rate_limit,
+ 		.set_identity = hostapd_wpa_auth_set_identity,
+ 		.get_identity = hostapd_wpa_auth_get_identity,
+ 		.set_radius_cui = hostapd_wpa_auth_set_radius_cui,
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -379,6 +379,14 @@ static size_t wpa_ft_vlan_len(const stru
+ 	return tlv_len;
+ }
+ 
++static size_t wpa_ft_rate_limit_len(const struct rate_description *rate)
++{
++	if (!rate || (!rate->rx && !rate->tx))
++		return 0;
++
++	return (sizeof(struct ft_rrb_tlv) + 8);
++}
++
+ 
+ static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
+ 			      u8 *start, u8 *endpos)
+@@ -434,10 +442,48 @@ static size_t wpa_ft_vlan_lin(const stru
+ }
+ 
+ 
++static size_t wpa_ft_rate_limit_lin(const struct rate_description *rate,
++				    u8 *start, u8 *endpos)
++{
++	size_t tlv_len;
++	int i, len;
++	struct ft_rrb_tlv *hdr;
++	u8 *pos = start;
++
++	if (!rate)
++		return 0;
++
++	tlv_len = 0;
++	if (rate->rx || rate->tx) {
++		tlv_len += sizeof(*hdr);
++		if (start + tlv_len > endpos)
++			return tlv_len;
++		hdr = (struct ft_rrb_tlv *) pos;
++		hdr->type = host_to_le16(FT_RRB_RATE_LIMIT);
++		hdr->len = host_to_le16(2 * sizeof(le32));
++		pos = start + tlv_len;
++
++		tlv_len += sizeof(u32);
++		if (start + tlv_len > endpos)
++			return tlv_len;
++		WPA_PUT_LE32(pos, rate->rx);
++		pos = start + tlv_len;
++		tlv_len += sizeof(u32);
++		if (start + tlv_len > endpos)
++			return tlv_len;
++		WPA_PUT_LE32(pos, rate->tx);
++		pos = start + tlv_len;
++	}
++
++	return tlv_len;
++}
++
++
+ static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
+ 			  const struct tlv_list *tlvs2,
+ 			  const struct vlan_description *vlan,
+-			  u8 **plain, size_t *plain_len)
++			  u8 **plain, size_t *plain_len,
++			  const struct rate_description *rate)
+ {
+ 	u8 *pos, *endpos;
+ 	size_t tlv_len;
+@@ -445,6 +491,7 @@ static int wpa_ft_rrb_lin(const struct t
+ 	tlv_len = wpa_ft_tlv_len(tlvs1);
+ 	tlv_len += wpa_ft_tlv_len(tlvs2);
+ 	tlv_len += wpa_ft_vlan_len(vlan);
++	tlv_len += wpa_ft_rate_limit_len(rate);
+ 
+ 	*plain_len = tlv_len;
+ 	*plain = os_zalloc(tlv_len);
+@@ -458,6 +505,7 @@ static int wpa_ft_rrb_lin(const struct t
+ 	pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
+ 	pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
+ 	pos += wpa_ft_vlan_lin(vlan, pos, endpos);
++	pos += wpa_ft_rate_limit_lin(rate, pos, endpos);
+ 
+ 	/* validity check */
+ 	if (pos != endpos) {
+@@ -526,7 +574,8 @@ static int wpa_ft_rrb_build(const u8 *ke
+ 			    const struct tlv_list *tlvs_auth,
+ 			    const struct vlan_description *vlan,
+ 			    const u8 *src_addr, u8 type,
+-			    u8 **packet, size_t *packet_len)
++			    u8 **packet, size_t *packet_len,
++			    const struct rate_description *rate)
+ {
+ 	u8 *plain = NULL, *auth = NULL, *pos, *tmp;
+ 	size_t plain_len = 0, auth_len = 0;
+@@ -534,10 +583,10 @@ static int wpa_ft_rrb_build(const u8 *ke
+ 	size_t pad_len = 0;
+ 
+ 	*packet = NULL;
+-	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
++	if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len, rate) < 0)
+ 		goto out;
+ 
+-	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
++	if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len, NULL) < 0)
+ 		goto out;
+ 
+ 	*packet_len = sizeof(u16) + auth_len + plain_len;
+@@ -700,6 +749,24 @@ static int wpa_ft_get_vlan(struct wpa_au
+ }
+ 
+ 
++static int wpa_ft_get_rate_limit(struct wpa_authenticator *wpa_auth,
++				 const u8 *sta_addr, struct rate_description *rate)
++{
++	if (!wpa_auth->cb->get_rate_limit)
++		return -1;
++	return wpa_auth->cb->get_rate_limit(wpa_auth->cb_ctx, sta_addr, rate);
++}
++
++
++static int wpa_ft_set_rate_limit(struct wpa_authenticator *wpa_auth,
++				 const u8 *sta_addr, struct rate_description *rate)
++{
++	if (!wpa_auth->cb->set_rate_limit)
++		return -1;
++	return wpa_auth->cb->set_rate_limit(wpa_auth->cb_ctx, sta_addr, rate);
++}
++
++
+ static int
+ wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
+ 		    const u8 *identity, size_t identity_len)
+@@ -1025,7 +1092,7 @@ wpa_ft_rrb_seq_req(struct wpa_authentica
+ 
+ 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
+ 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
+-			     &packet, &packet_len) < 0) {
++			     &packet, &packet_len, NULL) < 0) {
+ 		item = NULL; /* some other seq resp might still accept this */
+ 		goto err;
+ 	}
+@@ -1208,6 +1275,7 @@ struct wpa_ft_pmk_r0_sa {
+ 	u8 spa[ETH_ALEN];
+ 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
+ 	struct vlan_description *vlan;
++	struct rate_description *rate;
+ 	os_time_t expiration; /* 0 for no expiration */
+ 	u8 *identity;
+ 	size_t identity_len;
+@@ -1226,6 +1294,7 @@ struct wpa_ft_pmk_r1_sa {
+ 	u8 spa[ETH_ALEN];
+ 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
+ 	struct vlan_description *vlan;
++	struct rate_description *rate;
+ 	u8 *identity;
+ 	size_t identity_len;
+ 	u8 *radius_cui;
+@@ -1254,6 +1323,7 @@ static void wpa_ft_free_pmk_r0(struct wp
+ 
+ 	os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
+ 	os_free(r0->vlan);
++	os_free(r0->rate);
+ 	os_free(r0->identity);
+ 	os_free(r0->radius_cui);
+ 	os_free(r0);
+@@ -1307,6 +1377,7 @@ static void wpa_ft_free_pmk_r1(struct wp
+ 	eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
+ 
+ 	os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
++	os_free(r1->rate);
+ 	os_free(r1->vlan);
+ 	os_free(r1->identity);
+ 	os_free(r1->radius_cui);
+@@ -1360,7 +1431,8 @@ static int wpa_ft_store_pmk_r0(struct wp
+ 			       const struct vlan_description *vlan,
+ 			       int expires_in, int session_timeout,
+ 			       const u8 *identity, size_t identity_len,
+-			       const u8 *radius_cui, size_t radius_cui_len)
++			       const u8 *radius_cui, size_t radius_cui_len,
++			       struct rate_description *rate)
+ {
+ 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
+ 	struct wpa_ft_pmk_r0_sa *r0;
+@@ -1388,6 +1460,14 @@ static int wpa_ft_store_pmk_r0(struct wp
+ 		}
+ 		*r0->vlan = *vlan;
+ 	}
++	if (rate) {
++		r0->rate = os_zalloc(sizeof(*rate));
++		if (!r0->rate) {
++			bin_clear_free(r0, sizeof(*r0));
++			return -1;
++		}
++		*r0->rate = *rate;
++	}
+ 	if (identity) {
+ 		r0->identity = os_malloc(identity_len);
+ 		if (r0->identity) {
+@@ -1447,7 +1527,8 @@ static int wpa_ft_store_pmk_r1(struct wp
+ 			       const struct vlan_description *vlan,
+ 			       int expires_in, int session_timeout,
+ 			       const u8 *identity, size_t identity_len,
+-			       const u8 *radius_cui, size_t radius_cui_len)
++			       const u8 *radius_cui, size_t radius_cui_len,
++			       struct rate_description *rate)
+ {
+ 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
+ 	int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
+@@ -1477,6 +1558,14 @@ static int wpa_ft_store_pmk_r1(struct wp
+ 		}
+ 		*r1->vlan = *vlan;
+ 	}
++	if (rate) {
++		r1->rate = os_zalloc(sizeof(*rate));
++		if (!r1->rate) {
++			bin_clear_free(r1, sizeof(*r1));
++			return -1;
++		}
++		*r1->rate = *rate;
++	}
+ 	if (identity) {
+ 		r1->identity = os_malloc(identity_len);
+ 		if (r1->identity) {
+@@ -1513,7 +1602,7 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
+ 			struct vlan_description *vlan,
+ 			const u8 **identity, size_t *identity_len,
+ 			const u8 **radius_cui, size_t *radius_cui_len,
+-			int *session_timeout)
++			int *session_timeout, struct rate_description *rate)
+ {
+ 	struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
+ 	struct wpa_ft_pmk_r1_sa *r1;
+@@ -1533,6 +1622,12 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
+ 				*vlan = *r1->vlan;
+ 			if (vlan && !r1->vlan)
+ 				os_memset(vlan, 0, sizeof(*vlan));
++			if (rate) {
++				if (r1->rate)
++					*rate = *r1->rate;
++				else
++					memset(rate, 0, sizeof(*rate));
++			}
+ 			if (identity && identity_len) {
+ 				*identity = r1->identity;
+ 				*identity_len = r1->identity_len;
+@@ -2059,7 +2154,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa
+ 
+ 	if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
+ 			     sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
+-			     &packet, &packet_len) < 0)
++			     &packet, &packet_len, NULL) < 0)
+ 		return -1;
+ 
+ 	ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
+@@ -2088,6 +2183,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
+ {
+ 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
+ 	struct vlan_description vlan;
++	struct rate_description rate;
+ 	const u8 *identity, *radius_cui;
+ 	size_t identity_len, radius_cui_len;
+ 	int session_timeout;
+@@ -2099,6 +2195,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
+ 			   MAC2STR(sm->addr));
+ 		return -1;
+ 	}
++	wpa_ft_get_rate_limit(sm->wpa_auth, sm->addr, &rate);
+ 
+ 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
+ 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
+@@ -2108,7 +2205,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
+ 	return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
+ 				   pmk_r0_name, sm->pairwise, &vlan, expires_in,
+ 				   session_timeout, identity, identity_len,
+-				   radius_cui, radius_cui_len);
++				   radius_cui, radius_cui_len, &rate);
+ }
+ 
+ 
+@@ -2172,6 +2269,7 @@ void wpa_auth_ft_store_keys(struct wpa_s
+ 	int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
+ 	int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
+ 	struct vlan_description vlan;
++	struct rate_description rate;
+ 	const u8 *identity, *radius_cui;
+ 	size_t identity_len, radius_cui_len;
+ 	int session_timeout;
+@@ -2185,6 +2283,8 @@ void wpa_auth_ft_store_keys(struct wpa_s
+ 		return;
+ 	}
+ 
++	wpa_ft_get_rate_limit(sm->wpa_auth, sm->addr, &rate);
++
+ 	identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
+ 	radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
+ 					       &radius_cui);
+@@ -2195,11 +2295,12 @@ void wpa_auth_ft_store_keys(struct wpa_s
+ 			    pmk_r0_name,
+ 			    sm->pairwise, &vlan, expires_in,
+ 			    session_timeout, identity, identity_len,
+-			    radius_cui, radius_cui_len);
++			    radius_cui, radius_cui_len, &rate);
+ 	wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, key_len,
+ 			    sm->pmk_r1_name, sm->pairwise, &vlan,
+ 			    expires_in, session_timeout, identity,
+-			    identity_len, radius_cui, radius_cui_len);
++			    identity_len, radius_cui, radius_cui_len,
++			    &rate);
+ }
+ 
+ 
+@@ -3100,7 +3201,8 @@ static int wpa_ft_local_derive_pmk_r1(st
+ 				      const u8 **radius_cui,
+ 				      size_t *radius_cui_len,
+ 				      int *out_session_timeout,
+-				      size_t *pmk_r1_len)
++				      size_t *pmk_r1_len,
++				      struct rate_description *rate)
+ {
+ 	struct wpa_auth_config *conf = &wpa_auth->conf;
+ 	const struct wpa_ft_pmk_r0_sa *r0;
+@@ -3136,7 +3238,8 @@ static int wpa_ft_local_derive_pmk_r1(st
+ 			    out_pmk_r1_name,
+ 			    sm->pairwise, r0->vlan, expires_in, session_timeout,
+ 			    r0->identity, r0->identity_len,
+-			    r0->radius_cui, r0->radius_cui_len);
++			    r0->radius_cui, r0->radius_cui_len,
++			    r0->rate);
+ 
+ 	*out_pairwise = sm->pairwise;
+ 	if (vlan) {
+@@ -3146,6 +3249,13 @@ static int wpa_ft_local_derive_pmk_r1(st
+ 			os_memset(vlan, 0, sizeof(*vlan));
+ 	}
+ 
++	if (rate) {
++		if (r0->rate)
++			*rate = *r0->rate;
++		else
++			os_memset(rate, 0, sizeof(*rate));
++	}
++
+ 	if (identity && identity_len) {
+ 		*identity = r0->identity;
+ 		*identity_len = r0->identity_len;
+@@ -3178,6 +3288,7 @@ static int wpa_ft_process_auth_req(struc
+ 	u8 *pos, *end;
+ 	int pairwise, session_timeout = 0;
+ 	struct vlan_description vlan;
++	struct rate_description rate = {};
+ 	const u8 *identity, *radius_cui;
+ 	size_t identity_len = 0, radius_cui_len = 0;
+ 	size_t pmk_r1_len, kdk_len, len;
+@@ -3274,7 +3385,7 @@ static int wpa_ft_process_auth_req(struc
+ 					pmk_r1, &pmk_r1_len, &pairwise, &vlan,
+ 					&identity, &identity_len, &radius_cui,
+ 					&radius_cui_len,
+-					&session_timeout) == 0) {
++					&session_timeout, &rate) == 0) {
+ 			wpa_printf(MSG_DEBUG,
+ 				   "FT: Found PMKR1Name (using SHA%zu) from local cache",
+ 				   pmk_r1_len * 8);
+@@ -3290,7 +3401,7 @@ static int wpa_ft_process_auth_req(struc
+ 				       pmk_r1_name, pmk_r1, &pairwise,
+ 				       &vlan, &identity, &identity_len,
+ 				       &radius_cui, &radius_cui_len,
+-				       &session_timeout, &pmk_r1_len) == 0) {
++				       &session_timeout, &pmk_r1_len, &rate) == 0) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "FT: Generated PMK-R1 based on local PMK-R0");
+ 		goto pmk_r1_derived;
+@@ -3392,6 +3503,7 @@ pmk_r1_derived:
+ 		wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
+ 		goto out;
+ 	}
++	wpa_ft_set_rate_limit(sm->wpa_auth, sm->addr, &rate);
+ 	if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
+ 				identity, identity_len) < 0 ||
+ 	    wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
+@@ -3973,7 +4085,7 @@ static int wpa_ft_rrb_build_r0(const u8
+ 
+ 	ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
+ 			       pmk_r0->vlan, src_addr, type,
+-			       packet, packet_len);
++			       packet, packet_len, pmk_r0->rate);
+ 
+ 	forced_memzero(pmk_r1, sizeof(pmk_r1));
+ 
+@@ -4113,7 +4225,7 @@ static int wpa_ft_rrb_rx_pull(struct wpa
+ 		ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
+ 				       NULL, wpa_auth->addr,
+ 				       FT_PACKET_R0KH_R1KH_RESP,
+-				       &packet, &packet_len);
++				       &packet, &packet_len, NULL);
+ 	} else {
+ 		ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
+ 					  f_s1kh_id, resp_auth, wpa_auth->addr,
+@@ -4165,11 +4277,15 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
+ 	size_t f_expires_in_len;
+ 	size_t f_identity_len, f_radius_cui_len;
+ 	size_t f_session_timeout_len;
++	size_t f_rate_len;
++	const u8 *f_rate;
+ 	int pairwise;
+ 	int ret = -1;
+ 	int expires_in;
+ 	int session_timeout;
+ 	struct vlan_description vlan;
++	struct rate_description rate;
++	int has_rate = 0;
+ 	size_t pmk_r1_len;
+ 
+ 	RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
+@@ -4279,6 +4395,13 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
+ 	wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
+ 		   le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
+ 
++	RRB_GET_OPTIONAL(FT_RRB_RATE_LIMIT, rate, msgtype, 2 * sizeof(le32));
++	if (f_rate) {
++		memcpy(&rate, f_rate, sizeof(rate));
++		rate.rx = le_to_host32(rate.rx);
++		rate.tx = le_to_host32(rate.tx);
++		has_rate = 1;
++	};
+ 	RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
+ 	if (f_identity)
+ 		wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
+@@ -4301,7 +4424,7 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
+ 				f_pmk_r1_name,
+ 				pairwise, &vlan, expires_in, session_timeout,
+ 				f_identity, f_identity_len, f_radius_cui,
+-				f_radius_cui_len) < 0)
++				f_radius_cui_len, has_rate ? &rate : 0) < 0)
+ 		goto out;
+ 
+ 	ret = 0;
+@@ -4614,7 +4737,7 @@ static int wpa_ft_rrb_rx_seq_req(struct
+ 
+ 	if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
+ 			     wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
+-			     &packet, &packet_len) < 0)
++			     &packet, &packet_len, NULL) < 0)
+ 		goto out;
+ 
+ 	wpa_ft_rrb_oui_send(wpa_auth, src_addr,

feeds/hostapd/hostapd/patches/999-ft-anonce.patch

@@ -0,0 +1,10 @@
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -54,6 +54,7 @@ struct wpa_state_machine {
+ 	bool MICVerified;
+ 	bool GUpdateStationKeys;
+ 	u8 ANonce[WPA_NONCE_LEN];
++	struct os_reltime ANonce_time;
+ 	u8 SNonce[WPA_NONCE_LEN];
+ 	u8 alt_SNonce[WPA_NONCE_LEN];
+ 	u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];

feeds/hostapd/hostapd/patches/999-re-assoc-event.patch

@@ -0,0 +1,147 @@
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -522,6 +522,7 @@ static void handle_auth_ft_finish(void *
+ 
+ 	hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
+ 		       HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
++	hostapd_ubus_notify(hapd, "ft-finish", sta->addr);
+ 	sta->flags |= WLAN_STA_AUTH;
+ 	mlme_authenticate_indication(hapd, sta);
+ }
+@@ -5273,6 +5274,8 @@ static void handle_assoc(struct hostapd_
+ 	}
+ 
+ 	sta = ap_get_sta(hapd, mgmt->sa);
++	if (sta && reassoc)
++		memcpy(sta->origin_ap, mgmt->u.reassoc_req.current_ap, 6);
+ #ifdef CONFIG_IEEE80211R_AP
+ 	if (sta && sta->auth_alg == WLAN_AUTH_FT &&
+ 	    (sta->flags & WLAN_STA_AUTH) == 0) {
+@@ -5426,6 +5429,7 @@ static void handle_assoc(struct hostapd_
+ 		.type = HOSTAPD_UBUS_ASSOC_REQ,
+ 		.mgmt_frame = mgmt,
+ 		.ssi_signal = rssi,
++		.reassoc = reassoc,
+ 	};
+ 
+ 	/* followed by SSID and Supported rates; and HT capabilities if 802.11n
+@@ -6496,7 +6500,7 @@ static void handle_assoc_cb(struct hosta
+ 		 * Open, static WEP, FT protocol, or FILS; no separate
+ 		 * authorization step.
+ 		 */
+-		ap_sta_set_authorized(hapd, sta, 1);
++		_ap_sta_set_authorized(hapd, sta, 1, reassoc);
+ 	}
+ 
+ 	if (reassoc)
+--- a/src/ap/ubus.c
++++ b/src/ap/ubus.c
+@@ -1870,6 +1870,8 @@ int hostapd_ubus_handle_event(struct hos
+ 	if (req->ssi_signal)
+ 		blobmsg_add_u32(&b, "signal", req->ssi_signal);
+ 	blobmsg_add_u32(&b, "freq", hapd->iface->freq);
++	if (req->reassoc && req->mgmt_frame)
++		blobmsg_add_macaddr(&b, "origin", req->mgmt_frame->u.reassoc_req.current_ap);
+ 
+ 	if (req->elems) {
+ 		if(req->elems->ht_capabilities)
+@@ -1940,6 +1942,7 @@ void hostapd_ubus_notify(struct hostapd_
+ 	blob_buf_init(&b, 0);
+ 	blobmsg_add_macaddr(&b, "address", addr);
+ 	blobmsg_add_string(&b, "ifname", hapd->conf->iface);
++	blobmsg_printf(&b, "target", MACSTR, MAC2STR(hapd->conf->bssid));
+ 
+ 	ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
+ }
+@@ -1958,7 +1961,7 @@ void hostapd_ubus_notify_csa(struct host
+ }
+ 
+ 
+-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta)
++void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, int reassoc)
+ {
+ 	if (!hapd->ubus.obj.has_subscribers)
+ 		return;
+@@ -1975,6 +1978,9 @@ void hostapd_ubus_notify_authorized(stru
+ 		blobmsg_add_u32(&b, "", sta->bandwidth[1]);
+ 		blobmsg_close_array(&b, r);
+ 	}
++	if (reassoc)
++		blobmsg_add_macaddr(&b, "origin", sta->origin_ap);
++	blobmsg_printf(&b, "target", MACSTR, MAC2STR(hapd->conf->bssid));
+ 
+ 	ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1);
+ }
+--- a/src/ap/ubus.h
++++ b/src/ap/ubus.h
+@@ -22,6 +22,7 @@ struct hostapd_ubus_request {
+ 	const struct ieee802_11_elems *elems;
+ 	int ssi_signal; /* dBm */
+ 	const u8 *addr;
++	int reassoc;
+ };
+ 
+ struct hostapd_iface;
+@@ -49,7 +50,7 @@ void hostapd_ubus_remove_vlan(struct hos
+ 
+ int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
+ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
+-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta);
++void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, int reassoc);
+ void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
+ 				       const u8 *addr, u8 token, u8 rep_mode,
+ 				       struct rrm_measurement_beacon_report *rep,
+--- a/src/ap/sta_info.c
++++ b/src/ap/sta_info.c
+@@ -1297,8 +1297,8 @@ const u8 * ap_sta_wpa_get_dpp_pkhash(str
+ }
+ 
+ 
+-void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+-			   int authorized)
++void _ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
++			    int authorized, int reassoc)
+ {
+ 	const u8 *dev_addr = NULL;
+ 	char buf[100];
+@@ -1404,7 +1404,7 @@ void ap_sta_set_authorized(struct hostap
+ 					 dpp_pkhash, SHA256_MAC_LEN);
+ 		}
+ 
+-		hostapd_ubus_notify_authorized(hapd, sta);
++		hostapd_ubus_notify_authorized(hapd, sta, reassoc);
+ 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
+ 			buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
+ 
+@@ -1434,6 +1434,11 @@ void ap_sta_set_authorized(struct hostap
+ 	}
+ #endif /* CONFIG_FST */
+ }
++void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
++			   int authorized)
++{
++	_ap_sta_set_authorized(hapd, sta, authorized, 0);
++}
+ 
+ 
+ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
+--- a/src/ap/sta_info.h
++++ b/src/ap/sta_info.h
+@@ -102,6 +102,7 @@ struct sta_info {
+ 	struct sta_info *next; /* next entry in sta list */
+ 	struct sta_info *hnext; /* next entry in hash table list */
+ 	u8 addr[6];
++	u8 origin_ap[6];
+ 	be32 ipaddr;
+ 	struct dl_list ip6addr; /* list head for struct ip6addr */
+ 	u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
+@@ -398,6 +399,9 @@ const u8 * ap_sta_wpa_get_dpp_pkhash(str
+ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
+ 		       const u8 *addr, u16 reason);
+ 
++void _ap_sta_set_authorized(struct hostapd_data *hapd,
++			    struct sta_info *sta, int authorized,
++			    int reassoc);
+ void ap_sta_set_authorized(struct hostapd_data *hapd,
+ 			   struct sta_info *sta, int authorized);
+ static inline int ap_sta_is_authorized(struct sta_info *sta)