[source] hostapd: backport a few upstream fixes

LEDE Commits lede-commits at lists.infradead.org
Sun Jan 15 05:58:55 PST 2017


nbd pushed a commit to source.git, branch master:
https://git.lede-project.org/40e4c342fd49175b7f367655fac38850435667d4

commit 40e4c342fd49175b7f367655fac38850435667d4
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Sun Jan 15 14:19:43 2017 +0100

    hostapd: backport a few upstream fixes
    
    Fixes reassoc issues with WDS mode
    Fixes reassoc issues in AP mode
    Fixes IBSS reauthentication issues
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 ...ndition-between-AssocResp-callback-and-4a.patch | 83 ++++++++++++++++++++++
 ...cate-Reassociation-Request-frame-dropping.patch | 36 ++++++++++
 ...ix-TK-clearing-on-Authentication-frame-RX.patch | 40 +++++++++++
 .../hostapd/patches/100-daemonize_fix.patch        |  4 +-
 .../hostapd/patches/600-ubus_support.patch         |  4 +-
 5 files changed, 163 insertions(+), 4 deletions(-)

diff --git a/package/network/services/hostapd/patches/001-Fix-race-condition-between-AssocResp-callback-and-4a.patch b/package/network/services/hostapd/patches/001-Fix-race-condition-between-AssocResp-callback-and-4a.patch
new file mode 100644
index 0000000..bf54e9d
--- /dev/null
+++ b/package/network/services/hostapd/patches/001-Fix-race-condition-between-AssocResp-callback-and-4a.patch
@@ -0,0 +1,83 @@
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Tue, 20 Dec 2016 01:30:09 +0200
+Subject: [PATCH] Fix race condition between AssocResp callback and 4addr event
+
+It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME
+event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS
+event for (Re)Association Response frame. This resulted in the 4-address
+WDS mode not getting enabled for a STA. This could occur in particular
+when operating under heavy load and the STA is reconnecting to the same
+AP in a sequence where Deauthentication frame is followed immediately by
+Authentication frame and the driver event processing gets delayed due to
+removal of the previous netdev taking time in the middle of this
+sequence.
+
+Fix this by recording a pending item for 4-address WDS enabling if the
+NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to
+incompleted association and then process this pending item if the TX
+status for the (Re)Association Response frame is received and it shows
+that the frame was acknowledged.
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -2634,6 +2634,8 @@ static void handle_assoc(struct hostapd_
+ 	taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
+ #endif /* CONFIG_TAXONOMY */
+ 
++	sta->pending_wds_enable = 0;
++
+  fail:
+ 	/*
+ 	 * In case of a successful response, add the station to the driver.
+@@ -3248,6 +3250,14 @@ static void handle_assoc_cb(struct hosta
+ 
+ 	hostapd_set_sta_flags(hapd, sta);
+ 
++	if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
++		wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
++			   MACSTR " based on pending request",
++			   MAC2STR(sta->addr));
++		sta->pending_wds_enable = 0;
++		sta->flags |= WLAN_STA_WDS;
++	}
++
+ 	if (sta->flags & WLAN_STA_WDS) {
+ 		int ret;
+ 		char ifname_wds[IFNAMSIZ + 1];
+@@ -3512,10 +3522,22 @@ void ieee802_11_rx_from_unknown(struct h
+ 	struct sta_info *sta;
+ 
+ 	sta = ap_get_sta(hapd, src);
+-	if (sta && (sta->flags & WLAN_STA_ASSOC)) {
++	if (sta &&
++	    ((sta->flags & WLAN_STA_ASSOC) ||
++	     ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
+ 		if (!hapd->conf->wds_sta)
+ 			return;
+ 
++		if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
++		    WLAN_STA_ASSOC_REQ_OK) {
++			wpa_printf(MSG_DEBUG,
++				   "Postpone 4-address WDS mode enabling for STA "
++				   MACSTR " since TX status for AssocResp is not yet known",
++				   MAC2STR(sta->addr));
++			sta->pending_wds_enable = 1;
++			return;
++		}
++
+ 		if (wds && !(sta->flags & WLAN_STA_WDS)) {
+ 			int ret;
+ 			char ifname_wds[IFNAMSIZ + 1];
+--- a/src/ap/sta_info.h
++++ b/src/ap/sta_info.h
+@@ -115,6 +115,7 @@ struct sta_info {
+ 	unsigned int radius_das_match:1;
+ 	unsigned int ecsa_supported:1;
+ 	unsigned int added_unassoc:1;
++	unsigned int pending_wds_enable:1;
+ 
+ 	u16 auth_alg;
+ 
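Review bot: In the handle_assoc hunk, `sta->pending_wds_enable = 0;` sits immediately before the `fail:` label, so it runs only when processing falls through to the label. Every earlier `goto fail` path skips the reset, and a bit set by an earlier 4-address frame in ieee802_11_rx_from_unknown could outlive a rejected request. Whether a stale bit can ever be consumed depends on the part of handle_assoc_cb outside the hunk (presumably it returns early for an unsuccessful or unacknowledged response), so this is something to confirm rather than a proven defect. Clearing the bit where a new (Re)Association Request starts being processed, and again where handle_assoc_cb bails out, would make its lifetime explicit. The new bit-field in sta_info.h also deserves a comment such as `/* 4-address frame seen before AssocResp TX status; enable WDS once the response is acknowledged */`.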
diff --git a/package/network/services/hostapd/patches/002-Fix-duplicate-Reassociation-Request-frame-dropping.patch b/package/network/services/hostapd/patches/002-Fix-duplicate-Reassociation-Request-frame-dropping.patch
new file mode 100644
index 0000000..6db1e9b
--- /dev/null
+++ b/package/network/services/hostapd/patches/002-Fix-duplicate-Reassociation-Request-frame-dropping.patch
@@ -0,0 +1,36 @@
+From: Jouni Malinen <jouni at qca.qualcomm.com>
+Date: Sat, 14 Jan 2017 01:04:31 +0200
+Subject: [PATCH] Fix duplicate Reassociation Request frame dropping
+
+Relational operators (==) have higher precedence than the ternary
+conditional in C. The last_subtype check for association/reassociation
+was broken due to incorrect assumption about the precedence. Fix this by
+adding parenthesis around the ternary conditional.
+
+The previous implementation worked for Association Request frames by
+accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
+the last receive frame was an Association Request frame, the
+sta->last_subtype == reassoc check was true and non-zero
+WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
+broken for Reassociation Request frame. reassoc == 1 in that case could
+have matched received Association Response frame (subtype == 1), but
+those are not received in AP mode and as such, this did not break other
+behavior apart from not being able to drop duplicated Reassociation
+Request frames.
+
+Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
+---
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -2485,8 +2485,8 @@ static void handle_assoc(struct hostapd_
+ 	if ((fc & WLAN_FC_RETRY) &&
+ 	    sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
+ 	    sta->last_seq_ctrl == seq_ctrl &&
+-	    sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
+-	    WLAN_FC_STYPE_ASSOC_REQ) {
++	    sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
++				  WLAN_FC_STYPE_ASSOC_REQ)) {
+ 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+ 			       HOSTAPD_LEVEL_DEBUG,
+ 			       "Drop repeated association frame seq_ctrl=0x%x",
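Review bot: The corrected comparison still buries the expected subtype inside a four-term `&&` chain, which is the shape that hid the precedence mistake in the first place. Computing it once before the `if`, for example `expected = reassoc ? WLAN_FC_STYPE_REASSOC_REQ : WLAN_FC_STYPE_ASSOC_REQ;`, and then testing `sta->last_subtype == expected` keeps the duplicate-frame check readable and leaves no ternary inside the condition. handle_assoc starts and ends outside this hunk, so the declaration (its type matching `last_subtype`, which is not visible here) would go with the function's other locals.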
diff --git a/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch b/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch
new file mode 100644
index 0000000..0a3c27f
--- /dev/null
+++ b/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch
@@ -0,0 +1,40 @@
+From: Jouni Malinen <j at w1.fi>
+Date: Sat, 14 Jan 2017 13:56:18 +0200
+Subject: [PATCH] RSN IBSS: Fix TK clearing on Authentication frame RX
+
+When wpa_supplicant was processing a received Authentication frame (seq
+1) from a peer STA for which there was already a TK configured to the
+driver, debug log claimed that the PTK gets cleared, but the actual
+call to clear the key was actually dropped due to AUTH vs. SUPP set_key
+selection. Fix this by explicitly clearing the TK in case it was set
+and an Authentication frame (seq 1) is received.
+
+This fixes some cases where EAPOL-Key frames were sent encrypted using
+the old key when a peer STA restarted itself and lost the key and had to
+re-join the IBSS. Previously, that state required timing out the 4-way
+handshake and Deauthentication frame exchange to recover.
+
+Signed-off-by: Jouni Malinen <j at w1.fi>
+---
+
+--- a/wpa_supplicant/ibss_rsn.c
++++ b/wpa_supplicant/ibss_rsn.c
+@@ -838,6 +838,18 @@ static void ibss_rsn_handle_auth_1_of_2(
+ 		   MAC2STR(addr));
+ 
+ 	if (peer &&
++	    peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP |
++					   IBSS_RSN_SET_PTK_AUTH)) {
++		/* Clear the TK for this pair to allow recovery from the case
++		 * where the peer STA has restarted and lost its key while we
++		 * still have a pairwise key configured. */
++		wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer "
++			   MACSTR, MAC2STR(addr));
++		wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0,
++				NULL, 0, NULL, 0);
++	}
++
++	if (peer &&
+ 	    peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
+ 		if (peer->own_auth_tx.sec) {
+ 			struct os_reltime now, diff;
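Review bot: The new `wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, ...)` call discards its return value, so if the driver fails to remove the key the debug log again reports a cleared pairwise key while the old TK stays installed, which is the same mismatch this patch sets out to fix. Check the result and log the failure, e.g. `if (wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL, 0) < 0) wpa_printf(MSG_DEBUG, "RSN: Failed to clear pairwise key for peer " MACSTR, MAC2STR(addr));`. The hunk also leaves `IBSS_RSN_SET_PTK_SUPP` and `IBSS_RSN_SET_PTK_AUTH` set in `peer->authentication_status` after the key is removed. The rest of ibss_rsn_handle_auth_1_of_2 is outside the hunk and may reset the peer state, but if it does not, those bits no longer reflect what is configured in the driver.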
diff --git a/package/network/services/hostapd/patches/100-daemonize_fix.patch b/package/network/services/hostapd/patches/100-daemonize_fix.patch
index fad8466..0389406 100644
--- a/package/network/services/hostapd/patches/100-daemonize_fix.patch
+++ b/package/network/services/hostapd/patches/100-daemonize_fix.patch
@@ -60,13 +60,13 @@
 +	if (chdir("/") < 0)
  		return -1;
 -	}
--
+ 
 -	return 0;
 -}
 -#else /* __APPLE__ */
 -#define os_daemon daemon
 -#endif /* __APPLE__ */
- 
+-
 -
 -int os_daemonize(const char *pid_file)
 -{
diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index e758afb..ee892e2 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -156,7 +156,7 @@
  	/*
  	 * sta->capability is used in check_assoc_ies() for RRM enabled
  	 * capability element.
-@@ -3023,7 +3049,7 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3025,7 +3051,7 @@ int ieee802_11_mgmt(struct hostapd_data
  
  
  	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
@@ -165,7 +165,7 @@
  		return 1;
  	}
  
-@@ -3041,17 +3067,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3043,17 +3069,17 @@ int ieee802_11_mgmt(struct hostapd_data
  	switch (stype) {
  	case WLAN_FC_STYPE_AUTH:
  		wpa_printf(MSG_DEBUG, "mgmt::auth");


