From 0beb1d5779370b929c6c2809e599a6669b09ae92 Mon Sep 17 00:00:00 2001 From: John Crispin Date: Thu, 17 Aug 2023 19:53:52 +0200 Subject: [PATCH 21/68] hostapd: add TIP extensions Signed-off-by: John Crispin --- .../hostapd/files/hostapd-full.config | 4 +- .../hostapd/patches/600-ubus_support.patch | 4 +- .../services/hostapd/patches/750-wispr.patch | 113 ++++++++++++++++++ .../hostapd/patches/760-acs_exclude_dfs.patch | 15 +++ .../hostapd/patches/780-maxassoc.patch | 13 ++ .../800-fix-ap-sta-channel-setup-failed.patch | 29 +++++ .../hostapd/patches/901-cfg-section.patch | 51 ++++++++ .../hostapd/patches/999-probe-request.patch | 49 ++++++++ .../services/hostapd/patches/999-s8-u8.patch | 22 ++++ .../services/hostapd/src/src/ap/ubus.c | 8 ++ 10 files changed, 304 insertions(+), 4 deletions(-) create mode 100644 package/network/services/hostapd/patches/750-wispr.patch create mode 100644 package/network/services/hostapd/patches/760-acs_exclude_dfs.patch create mode 100644 package/network/services/hostapd/patches/780-maxassoc.patch create mode 100644 package/network/services/hostapd/patches/800-fix-ap-sta-channel-setup-failed.patch create mode 100644 package/network/services/hostapd/patches/901-cfg-section.patch create mode 100644 package/network/services/hostapd/patches/999-probe-request.patch create mode 100644 package/network/services/hostapd/patches/999-s8-u8.patch diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config index 9076ebc44f..2ac2a312d1 100644 --- a/package/network/services/hostapd/files/hostapd-full.config +++ b/package/network/services/hostapd/files/hostapd-full.config @@ -94,10 +94,10 @@ CONFIG_EAP_TTLS=y #CONFIG_EAP_PAX=y # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) -#CONFIG_EAP_PSK=y +CONFIG_EAP_PSK=y # EAP-pwd for the integrated EAP server (secure authentication with a password) -#CONFIG_EAP_PWD=y +CONFIG_EAP_PWD=y # EAP-SAKE for the integrated EAP server #CONFIG_EAP_SAKE=y diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch index bc80ef0e81..2709a7de1a 100644 --- a/package/network/services/hostapd/patches/600-ubus_support.patch +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -110,7 +110,7 @@ goto fail; } + ubus_resp = hostapd_ubus_handle_event(hapd, &req); -+ if (ubus_resp) { ++ if (0 && ubus_resp) { + wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n", + MAC2STR(mgmt->sa)); + resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE; @@ -145,7 +145,7 @@ #endif /* CONFIG_FILS */ + ubus_resp = hostapd_ubus_handle_event(hapd, &req); -+ if (ubus_resp) { ++ if (0 && ubus_resp) { + wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n", + MAC2STR(mgmt->sa)); + resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE; diff --git a/package/network/services/hostapd/patches/750-wispr.patch b/package/network/services/hostapd/patches/750-wispr.patch new file mode 100644 index 0000000000..59537cedeb --- /dev/null +++ b/package/network/services/hostapd/patches/750-wispr.patch @@ -0,0 +1,113 @@ +Index: hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/ap/ieee802_1x.c ++++ hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c +@@ -1904,6 +1904,25 @@ static int ieee802_1x_update_vlan(struct + } + #endif /* CONFIG_NO_VLAN */ + ++static int ieee802_1x_update_wispr(struct hostapd_data *hapd, ++ struct sta_info *sta, ++ struct radius_msg *msg) ++{ ++ memset(sta->bandwidth, 0, sizeof(sta->bandwidth)); ++ ++ if (radius_msg_get_wispr(msg, &sta->bandwidth)) ++ return 0; ++ ++ if (!sta->bandwidth[0] && !sta->bandwidth[1]) ++ return 0; ++ ++ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, ++ HOSTAPD_LEVEL_INFO, ++ "received wispr bandwidth from RADIUS server %d/%d", ++ sta->bandwidth[0], sta->bandwidth[1]); ++ ++ return 0; ++} + + /** + * ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server +@@ -2029,6 +2048,7 @@ ieee802_1x_receive_auth(struct radius_ms + ieee802_1x_check_hs20(hapd, sta, msg, + session_timeout_set ? + (int) session_timeout : -1); ++ ieee802_1x_update_wispr(hapd, sta, msg); + break; + case RADIUS_CODE_ACCESS_REJECT: + sm->eap_if->aaaFail = true; +Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.h +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.h ++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.h +@@ -117,6 +117,7 @@ struct sta_info { + u8 supported_rates[WLAN_SUPP_RATES_MAX]; + int supported_rates_len; + u8 qosinfo; /* Valid when WLAN_STA_WMM is set */ ++ u32 bandwidth[2]; + + #ifdef CONFIG_MESH + enum mesh_plink_state plink_state; +Index: hostapd-2021-02-20-59e9794c/src/radius/radius.c +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.c ++++ hostapd-2021-02-20-59e9794c/src/radius/radius.c +@@ -1182,6 +1182,35 @@ radius_msg_get_cisco_keys(struct radius_ + return keys; + } + ++#define RADIUS_VENDOR_ID_WISPR 14122 ++#define RADIUS_WISPR_AV_BW_UP 7 ++#define RADIUS_WISPR_AV_BW_DOWN 8 ++ ++int ++radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth) ++{ ++ int i; ++ ++ if (msg == NULL || bandwidth == NULL) ++ return 1; ++ ++ for (i = 0; i < 2; i++) { ++ size_t keylen; ++ u8 *key; ++ ++ key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_WISPR, ++ RADIUS_WISPR_AV_BW_UP + i, &keylen); ++ if (!key) ++ continue; ++ ++ if (keylen == 4) ++ bandwidth[i] = ntohl(*((u32 *)key)); ++ os_free(key); ++ } ++ ++ return 0; ++} ++ + + int radius_msg_add_mppe_keys(struct radius_msg *msg, + const u8 *req_authenticator, +Index: hostapd-2021-02-20-59e9794c/src/radius/radius.h +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.h ++++ hostapd-2021-02-20-59e9794c/src/radius/radius.h +@@ -205,6 +205,10 @@ enum { + RADIUS_VENDOR_ATTR_WFA_HS20_T_C_URL = 10, + }; + ++#define RADIUS_VENDOR_ID_WISPR 14122 ++#define RADIUS_WISPR_AV_BW_UP 7 ++#define RADIUS_WISPR_AV_BW_DOWN 8 ++ + #ifdef _MSC_VER + #pragma pack(pop) + #endif /* _MSC_VER */ +@@ -277,6 +281,7 @@ radius_msg_get_ms_keys(struct radius_msg + struct radius_ms_mppe_keys * + radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg, + const u8 *secret, size_t secret_len); ++int radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth); + int radius_msg_add_mppe_keys(struct radius_msg *msg, + const u8 *req_authenticator, + const u8 *secret, size_t secret_len, diff --git a/package/network/services/hostapd/patches/760-acs_exclude_dfs.patch b/package/network/services/hostapd/patches/760-acs_exclude_dfs.patch new file mode 100644 index 0000000000..52d63c5ff9 --- /dev/null +++ b/package/network/services/hostapd/patches/760-acs_exclude_dfs.patch @@ -0,0 +1,15 @@ +Index: hostapd-2021-02-20-59e9794c/src/ap/acs.c +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/ap/acs.c ++++ hostapd-2021-02-20-59e9794c/src/ap/acs.c +@@ -672,6 +672,10 @@ acs_find_ideal_chan_mode(struct hostapd_ + continue; + } + ++ if (iface->conf->acs_exclude_dfs && ++ (chan->flag & HOSTAPD_CHAN_RADAR)) ++ continue; ++ + /* HT40 on 5 GHz has a limited set of primary channels as per + * 11n Annex J */ + if (mode->mode == HOSTAPD_MODE_IEEE80211A && diff --git a/package/network/services/hostapd/patches/780-maxassoc.patch b/package/network/services/hostapd/patches/780-maxassoc.patch new file mode 100644 index 0000000000..98840f382a --- /dev/null +++ b/package/network/services/hostapd/patches/780-maxassoc.patch @@ -0,0 +1,13 @@ +Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.c +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.c ++++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.c +@@ -717,7 +717,7 @@ struct sta_info * ap_sta_add(struct host + return sta; + + wpa_printf(MSG_DEBUG, " New STA"); +- if (hapd->num_sta >= hapd->conf->max_num_sta) { ++ if (hostapd_check_max_sta(hapd)) { + /* FIX: might try to remove some old STAs first? */ + wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)", + hapd->num_sta, hapd->conf->max_num_sta); diff --git a/package/network/services/hostapd/patches/800-fix-ap-sta-channel-setup-failed.patch b/package/network/services/hostapd/patches/800-fix-ap-sta-channel-setup-failed.patch new file mode 100644 index 0000000000..de7a611587 --- /dev/null +++ b/package/network/services/hostapd/patches/800-fix-ap-sta-channel-setup-failed.patch @@ -0,0 +1,29 @@ +diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c +index ad2aebf..355b4a8 100644 +--- a/src/common/hw_features_common.c ++++ b/src/common/hw_features_common.c +@@ -615,9 +615,21 @@ int hostapd_set_freq_params(struct hostapd_freq_params *data, + center_segment0 == channel - 6) + data->center_freq1 = 5000 + center_segment0 * 5; + else { +- wpa_printf(MSG_ERROR, +- "Wrong coupling between HT and VHT/HE channel setting"); +- return -1; ++ if (channel <= 48) ++ center_segment0 = 42; ++ else if (channel <= 64) ++ center_segment0 = 58; ++ else if (channel <= 112) ++ center_segment0 = 106; ++ else if (channel <= 128) ++ center_segment0 = 122; ++ else if (channel <= 144) ++ center_segment0 = 138; ++ else if (channel <= 161) ++ center_segment0 = 155; ++ else if (channel <= 177) ++ center_segment0 = 171; ++ data->center_freq1 = 5000 + center_segment0 * 5; + } + } + break; diff --git a/package/network/services/hostapd/patches/901-cfg-section.patch b/package/network/services/hostapd/patches/901-cfg-section.patch new file mode 100644 index 0000000000..657c5054f6 --- /dev/null +++ b/package/network/services/hostapd/patches/901-cfg-section.patch @@ -0,0 +1,51 @@ +Index: hostapd-2023-06-22-599d00be/hostapd/config_file.c +=================================================================== +--- hostapd-2023-06-22-599d00be.orig/hostapd/config_file.c ++++ hostapd-2023-06-22-599d00be/hostapd/config_file.c +@@ -2345,6 +2345,8 @@ static int hostapd_config_fill(struct ho + return 1; + } + conf->driver = driver; ++ } else if (os_strcmp(buf, "uci_section") == 0) { ++ bss->uci_section = os_strdup(pos); + } else if (os_strcmp(buf, "driver_params") == 0) { + os_free(conf->driver_params); + conf->driver_params = os_strdup(pos); +Index: hostapd-2023-06-22-599d00be/src/ap/ap_config.h +=================================================================== +--- hostapd-2023-06-22-599d00be.orig/src/ap/ap_config.h ++++ hostapd-2023-06-22-599d00be/src/ap/ap_config.h +@@ -288,6 +288,7 @@ struct hostapd_bss_config { + char vlan_bridge[IFNAMSIZ + 1]; + char wds_bridge[IFNAMSIZ + 1]; + int bridge_hairpin; /* hairpin_mode on bridge members */ ++ char *uci_section; + + enum hostapd_logger_level logger_syslog_level, logger_stdout_level; + +Index: hostapd-2023-06-22-599d00be/src/ap/ubus.c +=================================================================== +--- hostapd-2023-06-22-599d00be.orig/src/ap/ubus.c ++++ hostapd-2023-06-22-599d00be/src/ap/ubus.c +@@ -418,6 +418,9 @@ hostapd_bss_get_status(struct ubus_conte + hapd->iface->cac_started ? hapd->iface->dfs_cac_ms / 1000 - now.sec : 0); + blobmsg_close_table(&b, dfs_table); + ++ if (hapd->conf->uci_section) ++ blobmsg_add_string(&b, "uci_section", hapd->conf->uci_section); ++ + ubus_send_reply(ctx, req, b.head); + + return 0; +Index: hostapd-2023-06-22-599d00be/src/ap/ap_config.c +=================================================================== +--- hostapd-2023-06-22-599d00be.orig/src/ap/ap_config.c ++++ hostapd-2023-06-22-599d00be/src/ap/ap_config.c +@@ -798,6 +798,7 @@ void hostapd_config_free_bss(struct host + os_free(conf->radius_req_attr_sqlite); + os_free(conf->rsn_preauth_interfaces); + os_free(conf->ctrl_interface); ++ os_free(conf->uci_section); + os_free(conf->config_id); + os_free(conf->ca_cert); + os_free(conf->server_cert); diff --git a/package/network/services/hostapd/patches/999-probe-request.patch b/package/network/services/hostapd/patches/999-probe-request.patch new file mode 100644 index 0000000000..3b79338c2f --- /dev/null +++ b/package/network/services/hostapd/patches/999-probe-request.patch @@ -0,0 +1,49 @@ +Index: hostapd-2021-02-20-59e9794c/hostapd/config_file.c +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/hostapd/config_file.c ++++ hostapd-2021-02-20-59e9794c/hostapd/config_file.c +@@ -3339,6 +3339,8 @@ static int hostapd_config_fill(struct ho + bss->ignore_broadcast_ssid = atoi(pos); + } else if (os_strcmp(buf, "no_probe_resp_if_max_sta") == 0) { + bss->no_probe_resp_if_max_sta = atoi(pos); ++ } else if (os_strcmp(buf, "dynamic_probe_resp") == 0) { ++ bss->dynamic_probe_resp = atoi(pos); + #ifdef CONFIG_WEP + } else if (os_strcmp(buf, "wep_default_key") == 0) { + bss->ssid.wep.idx = atoi(pos); +Index: hostapd-2021-02-20-59e9794c/src/ap/ap_config.h +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/ap/ap_config.h ++++ hostapd-2021-02-20-59e9794c/src/ap/ap_config.h +@@ -460,6 +460,7 @@ struct hostapd_bss_config { + int ap_max_inactivity; + int ignore_broadcast_ssid; + int no_probe_resp_if_max_sta; ++ int dynamic_probe_resp; + + int wmm_enabled; + int wmm_uapsd; +Index: hostapd-2021-02-20-59e9794c/src/ap/beacon.c +=================================================================== +--- hostapd-2021-02-20-59e9794c.orig/src/ap/beacon.c ++++ hostapd-2021-02-20-59e9794c/src/ap/beacon.c +@@ -920,7 +920,8 @@ void handle_probe_req(struct hostapd_dat + } + #endif /* CONFIG_P2P */ + +- if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 && ++ if (!hapd->conf->dynamic_probe_resp && ++ hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 && + elems.ssid_list_len == 0 && elems.short_ssid_list_len == 0) { + wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for " + "broadcast SSID ignored", MAC2STR(mgmt->sa)); +@@ -967,7 +968,8 @@ void handle_probe_req(struct hostapd_dat + return; + } + +- if (hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) { ++ if (!hapd->conf->dynamic_probe_resp && ++ hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) { + wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for " + "broadcast SSID ignored", MAC2STR(mgmt->sa)); + return; diff --git a/package/network/services/hostapd/patches/999-s8-u8.patch b/package/network/services/hostapd/patches/999-s8-u8.patch new file mode 100644 index 0000000000..f43aa91861 --- /dev/null +++ b/package/network/services/hostapd/patches/999-s8-u8.patch @@ -0,0 +1,22 @@ +Index: hostapd-2023-06-22-599d00be/src/drivers/driver_nl80211.c +=================================================================== +--- hostapd-2023-06-22-599d00be.orig/src/drivers/driver_nl80211.c ++++ hostapd-2023-06-22-599d00be/src/drivers/driver_nl80211.c +@@ -7686,7 +7686,7 @@ static int get_sta_handler(struct nl_msg + [NL80211_STA_INFO_BEACON_SIGNAL_AVG] = { .type = NLA_U8}, + [NL80211_STA_INFO_RX_DURATION] = { .type = NLA_U64 }, + [NL80211_STA_INFO_ACK_SIGNAL] = { .type = NLA_U8 }, +- [NL80211_STA_INFO_ACK_SIGNAL_AVG] = { .type = NLA_S8 }, ++ [NL80211_STA_INFO_ACK_SIGNAL_AVG] = { .type = NLA_U8 }, + [NL80211_STA_INFO_RX_MPDUS] = { .type = NLA_U32 }, + [NL80211_STA_INFO_FCS_ERROR_COUNT] = { .type = NLA_U32 }, + [NL80211_STA_INFO_TX_DURATION] = { .type = NLA_U64 }, +@@ -7792,7 +7792,7 @@ static int get_sta_handler(struct nl_msg + } + if (stats[NL80211_STA_INFO_ACK_SIGNAL_AVG]) + data->avg_ack_signal = +- nla_get_s8(stats[NL80211_STA_INFO_ACK_SIGNAL_AVG]); ++ nla_get_u8(stats[NL80211_STA_INFO_ACK_SIGNAL_AVG]); + if (stats[NL80211_STA_INFO_RX_MPDUS]) + data->rx_mpdus = nla_get_u32(stats[NL80211_STA_INFO_RX_MPDUS]); + if (stats[NL80211_STA_INFO_FCS_ERROR_COUNT]) diff --git a/package/network/services/hostapd/src/src/ap/ubus.c b/package/network/services/hostapd/src/src/ap/ubus.c index 6ff2257c32..a65565bef6 100644 --- a/package/network/services/hostapd/src/src/ap/ubus.c +++ b/package/network/services/hostapd/src/src/ap/ubus.c @@ -1856,6 +1856,7 @@ void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 * blob_buf_init(&b, 0); blobmsg_add_macaddr(&b, "address", addr); + blobmsg_add_string(&b, "ifname", hapd->conf->iface); ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1); } @@ -1868,9 +1869,16 @@ void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info * blob_buf_init(&b, 0); blobmsg_add_macaddr(&b, "address", sta->addr); + blobmsg_add_string(&b, "ifname", hapd->conf->iface); if (auth_alg) blobmsg_add_string(&b, "auth-alg", auth_alg); + if (sta->bandwidth[0] || sta->bandwidth[1]) { + void *r = blobmsg_open_array(&b, "rate-limit"); + blobmsg_add_u32(&b, "", sta->bandwidth[0]); + blobmsg_add_u32(&b, "", sta->bandwidth[1]); + blobmsg_close_array(&b, r); + } ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1); } -- 2.34.1