[PATCH 3/3] DPP: prevent processing dpp action frames when stopped

Michal Kazior kazikcz at gmail.com
Mon Feb 8 10:32:07 EST 2021

From: Michal Kazior <michal at plume.com>

DPP configurator params can be configured per
interface. DPP listening can also be started and
stopped per interface.

However DPP rx processing was always doomed to
process incomming frames even on interfaces which
were not explicitly started to do DPP listen. This
happened because not only the initial value but
also because the dpp_allowed_roles could never be
reset to 0.

This would result in random failures in
configuring Enrollees when running multiple AP
interfaces if some of these APs happened to not
have DPP configurator params set.

Signed-off-by: Michal Kazior <michal at plume.com>
 src/ap/dpp_hostapd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index e106df513..a787666cf 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -704,6 +704,7 @@ int hostapd_dpp_listen(struct hostapd_data *hapd, const char *cmd)
 void hostapd_dpp_listen_stop(struct hostapd_data *hapd)
+	hapd->dpp_allowed_roles = 0;
 	hostapd_drv_dpp_listen(hapd, false);
 	/* TODO: Stop listen operation on non-operating channel */
@@ -2226,7 +2227,7 @@ static int hostapd_dpp_add_controllers(struct hostapd_data *hapd)
 int hostapd_dpp_init(struct hostapd_data *hapd)
-	hapd->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE;
+	hapd->dpp_allowed_roles = 0;
 	hapd->dpp_init_done = 1;
 	return hostapd_dpp_add_controllers(hapd);

More information about the Hostap mailing list