[LEDE-DEV] [PATCH] hostapd: update to git snapshot of 2018-03-13

Daniel Golle daniel at makrotopia.org
Tue Mar 27 09:40:32 PDT 2018


Runs nice and stable since this post.
Should I just push it?

Tested on: ramips/mt7621, ar71xx/generic

On Thu, Mar 15, 2018 at 01:29:03AM +0100, Daniel Golle wrote:
> Update hostapd sources to current git snapshot to get rid of local
> patches and pave the road towards using WPA3 features.
> 
> For SAE key management in mesh mode, use the newly introduce
> sae_password parameter instead of the psk parameter to also support
> SAE keys which would fail the checks applied on the psk field (ie.
> length and such).
> 
> The following patches were merged upstream:
> 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
>  replaced by commit 0e3bd7ac6
> 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
>  replaced by commit cb5132bb3
> 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
>  replaced by commit 87e2db16b
> 003-Prevent-installation-of-an-all-zero-TK.patch
>  replaced by commit 53bb18cc8
> 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
>  replaced by commit 0adc9b28b
> 005-TDLS-Reject-TPK-TK-reconfiguration.patch
>  replaced by commit ff89af96e
> 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
>  replaced by commit adae51f8b
> 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
>  replaced by commit 2a9c5217b
> 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
>  replaced by commit a00e946c1
> 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
>  replaced by commit b488a1294
> 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
>  replaced by commit 6f234c1e2
> 011-Additional-consistentcy-checks-for-PTK-component-len.patch
>  replaced by commit a6ea66530
> 012-Clear-BSSID-information-in-supplicant-state-machine-.patch
>  replaced by commit c0fe5f125
> 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
>  replaced by commit 114f2830d
> 
> Some patches had to be modified to work with changed upstream source:
> 380-disable_ctrl_iface_mib.patch
>  add more ifdef'ery
> plus some minor knits needed for other patches to apply which are not
> worth being explicitely listed here.
> 
> Signed-off-by: Daniel Golle <daniel at makrotopia.org>
> ---
> Compile tested: ar71xx/generic, ramips/mt7621
> Run tested: ramips/mt7621 (MT7603E+MT7612E)
> 
>  package/network/services/hostapd/Makefile          |   8 +-
>  package/network/services/hostapd/files/hostapd.sh  |   6 +-
>  ...-Avoid-key-reinstallation-in-FT-handshake.patch | 154 -------------
>  ...nstallation-of-an-already-in-use-group-ke.patch | 244 ---------------------
>  ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 182 ---------------
>  ...03-Prevent-installation-of-an-all-zero-TK.patch |  73 ------
>  ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch |  56 -----
>  .../005-TDLS-Reject-TPK-TK-reconfiguration.patch   | 124 -----------
>  ...WNM-Sleep-Mode-Response-without-pending-r.patch |  35 ---
>  ...llow-multiple-Reassociation-Response-fram.patch |  68 ------
>  ...efense-against-PTK-reinstalls-in-4-way-ha.patch |  34 ---
>  ...ength-and-check-for-this-when-deriving-PT.patch |  53 -----
>  ...-side-workaround-for-key-reinstallation-a.patch | 221 -------------------
>  ...consistentcy-checks-for-PTK-component-len.patch | 100 ---------
>  ...-information-in-supplicant-state-machine-.patch |  25 ---
>  ...WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch |  35 ---
>  .../hostapd/patches/110-no_eapol_fix.patch         |   2 +-
>  .../services/hostapd/patches/200-multicall.patch   |  48 ++--
>  .../services/hostapd/patches/300-noscan.patch      |   4 +-
>  .../hostapd/patches/310-rescan_immediately.patch   |   2 +-
>  .../hostapd/patches/330-nl80211_fix_set_freq.patch |   2 +-
>  .../patches/350-nl80211_del_beacon_bss.patch       |  10 +-
>  .../hostapd/patches/360-ctrl_iface_reload.patch    |  10 +-
>  .../hostapd/patches/370-ap_sta_support.patch       |  18 +-
>  .../patches/380-disable_ctrl_iface_mib.patch       |  53 +++--
>  .../patches/390-wpa_ie_cap_workaround.patch        |   4 +-
>  .../patches/400-wps_single_auth_enc_type.patch     |   4 +-
>  .../hostapd/patches/420-indicate-features.patch    |   4 +-
>  .../hostapd/patches/430-hostapd_cli_ifdef.patch    |   4 +-
>  .../services/hostapd/patches/450-scan_wait.patch   |  12 +-
>  ...ant-add-new-config-params-to-be-used-with.patch |  12 +-
>  ...80211-use-new-parameters-during-ibss-join.patch |   4 +-
>  .../patches/463-add-mcast_rate-to-11s.patch        |   6 +-
>  .../hostapd/patches/464-fix-mesh-obss-check.patch  |   2 +-
>  .../hostapd/patches/600-ubus_support.patch         |  52 +++--
>  35 files changed, 147 insertions(+), 1524 deletions(-)
>  delete mode 100644 package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
>  delete mode 100644 package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
>  delete mode 100644 package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
>  delete mode 100644 package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
>  delete mode 100644 package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
>  delete mode 100644 package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
>  delete mode 100644 package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
>  delete mode 100644 package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
>  delete mode 100644 package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
>  delete mode 100644 package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
>  delete mode 100644 package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
>  delete mode 100644 package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
>  delete mode 100644 package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
>  delete mode 100644 package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
> 
> diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
> index 51f1692933..bd5832aa75 100644
> --- a/package/network/services/hostapd/Makefile
> +++ b/package/network/services/hostapd/Makefile
> @@ -7,13 +7,13 @@
>  include $(TOPDIR)/rules.mk
>  
>  PKG_NAME:=hostapd
> -PKG_RELEASE:=6
> +PKG_RELEASE:=1
>  
>  PKG_SOURCE_URL:=http://w1.fi/hostap.git
>  PKG_SOURCE_PROTO:=git
> -PKG_SOURCE_DATE:=2017-08-24
> -PKG_SOURCE_VERSION:=c2d4f2eb5dba0b5c5a8c5805823084da958a9b52
> -PKG_MIRROR_HASH:=c6ad9a73fc1ae0ba8bc48f71cf14394b274bc9c2c1d1b53c2775f08312597e74
> +PKG_SOURCE_DATE:=2018-03-13
> +PKG_SOURCE_VERSION:=c63e69c3799bd7eb89c6bd4f1b0d1932b8869247
> +PKG_MIRROR_HASH:=0c3a5cf6499c31b8f6bd6973edc38cd7f6d92b6eb8735aaf43b3680d499c273a
>  
>  PKG_MAINTAINER:=Felix Fietkau <nbd at nbd.name>
>  PKG_LICENSE:=BSD-3-Clause
> diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
> index 334694abfa..2d2c6a7c79 100644
> --- a/package/network/services/hostapd/files/hostapd.sh
> +++ b/package/network/services/hostapd/files/hostapd.sh
> @@ -706,7 +706,11 @@ wpa_supplicant_add_network() {
>  			if [ ${#key} -eq 64 ]; then
>  				passphrase="psk=${key}"
>  			else
> -				passphrase="psk=\"${key}\""
> +				if [ "$_w_mode" = "mesh" ]; then
> +					passphrase="sae_password=\"${key}\""
> +				else
> +					passphrase="psk=\"${key}\""
> +				fi
>  			fi
>  			append network_data "$passphrase" "$N$T"
>  		;;
> diff --git a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
> deleted file mode 100644
> index 14b2d7c717..0000000000
> --- a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
> +++ /dev/null
> @@ -1,154 +0,0 @@
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Fri, 14 Jul 2017 15:15:35 +0200
> -Subject: [PATCH] hostapd: Avoid key reinstallation in FT handshake
> -
> -Do not reinstall TK to the driver during Reassociation Response frame
> -processing if the first attempt of setting the TK succeeded. This avoids
> -issues related to clearing the TX/RX PN that could result in reusing
> -same PN values for transmitted frames (e.g., due to CCM nonce reuse and
> -also hitting replay protection on the receiver) and accepting replayed
> -frames on RX side.
> -
> -This issue was introduced by the commit
> -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
> -authenticator') which allowed wpa_ft_install_ptk() to be called multiple
> -times with the same PTK. While the second configuration attempt is
> -needed with some drivers, it must be done only if the first attempt
> -failed.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> -
> ---- a/src/ap/ieee802_11.c
> -+++ b/src/ap/ieee802_11.c
> -@@ -2522,6 +2522,7 @@ static int add_associated_sta(struct hos
> - {
> - 	struct ieee80211_ht_capabilities ht_cap;
> - 	struct ieee80211_vht_capabilities vht_cap;
> -+	int set = 1;
> - 
> - 	/*
> - 	 * Remove the STA entry to ensure the STA PS state gets cleared and
> -@@ -2529,9 +2530,18 @@ static int add_associated_sta(struct hos
> - 	 * FT-over-the-DS, where a station re-associates back to the same AP but
> - 	 * skips the authentication flow, or if working with a driver that
> - 	 * does not support full AP client state.
> -+	 *
> -+	 * Skip this if the STA has already completed FT reassociation and the
> -+	 * TK has been configured since the TX/RX PN must not be reset to 0 for
> -+	 * the same key.
> - 	 */
> --	if (!sta->added_unassoc)
> -+	if (!sta->added_unassoc &&
> -+	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
> -+	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
> - 		hostapd_drv_sta_remove(hapd, sta->addr);
> -+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
> -+		set = 0;
> -+	}
> - 
> - #ifdef CONFIG_IEEE80211N
> - 	if (sta->flags & WLAN_STA_HT)
> -@@ -2554,11 +2564,11 @@ static int add_associated_sta(struct hos
> - 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
> - 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
> - 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
> --			    sta->added_unassoc)) {
> -+			    set)) {
> - 		hostapd_logger(hapd, sta->addr,
> - 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
> - 			       "Could not %s STA to kernel driver",
> --			       sta->added_unassoc ? "set" : "add");
> -+			       set ? "set" : "add");
> - 
> - 		if (sta->added_unassoc) {
> - 			hostapd_drv_sta_remove(hapd, sta->addr);
> ---- a/src/ap/wpa_auth.c
> -+++ b/src/ap/wpa_auth.c
> -@@ -1783,6 +1783,9 @@ int wpa_auth_sm_event(struct wpa_state_m
> - #else /* CONFIG_FILS */
> - 		break;
> - #endif /* CONFIG_FILS */
> -+	case WPA_DRV_STA_REMOVED:
> -+		sm->tk_already_set = FALSE;
> -+		return 0;
> - 	}
> - 
> - #ifdef CONFIG_IEEE80211R_AP
> -@@ -3922,6 +3925,14 @@ int wpa_auth_sta_wpa_version(struct wpa_
> - }
> - 
> - 
> -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
> -+{
> -+	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
> -+		return 0;
> -+	return sm->tk_already_set;
> -+}
> -+
> -+
> - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
> - 			     struct rsn_pmksa_cache_entry *entry)
> - {
> ---- a/src/ap/wpa_auth.h
> -+++ b/src/ap/wpa_auth.h
> -@@ -300,7 +300,7 @@ void wpa_receive(struct wpa_authenticato
> - 		 u8 *data, size_t data_len);
> - enum wpa_event {
> - 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
> --	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS
> -+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED
> - };
> - void wpa_remove_ptk(struct wpa_state_machine *sm);
> - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
> -@@ -313,6 +313,7 @@ int wpa_auth_pairwise_set(struct wpa_sta
> - int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
> - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
> - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
> -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
> - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
> - 			     struct rsn_pmksa_cache_entry *entry);
> - struct rsn_pmksa_cache_entry *
> ---- a/src/ap/wpa_auth_ft.c
> -+++ b/src/ap/wpa_auth_ft.c
> -@@ -1937,6 +1937,14 @@ void wpa_ft_install_ptk(struct wpa_state
> - 		return;
> - 	}
> - 
> -+	if (sm->tk_already_set) {
> -+		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
> -+		 * PN in the driver */
> -+		wpa_printf(MSG_DEBUG,
> -+			   "FT: Do not re-install same PTK to the driver");
> -+		return;
> -+	}
> -+
> - 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
> - 	 * most likely without this.. At the moment, STA entry is added only
> - 	 * after association has been completed. This function will be called
> -@@ -1949,6 +1957,7 @@ void wpa_ft_install_ptk(struct wpa_state
> - 
> - 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
> - 	sm->pairwise_set = TRUE;
> -+	sm->tk_already_set = TRUE;
> - }
> - 
> - 
> -@@ -2152,6 +2161,7 @@ static int wpa_ft_process_auth_req(struc
> - 
> - 	sm->pairwise = pairwise;
> - 	sm->PTK_valid = TRUE;
> -+	sm->tk_already_set = FALSE;
> - 	wpa_ft_install_ptk(sm);
> - 
> - 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
> ---- a/src/ap/wpa_auth_i.h
> -+++ b/src/ap/wpa_auth_i.h
> -@@ -61,6 +61,7 @@ struct wpa_state_machine {
> - 	struct wpa_ptk PTK;
> - 	Boolean PTK_valid;
> - 	Boolean pairwise_set;
> -+	Boolean tk_already_set;
> - 	int keycount;
> - 	Boolean Pair;
> - 	struct wpa_key_replay_counter {
> diff --git a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
> deleted file mode 100644
> index b283bf887d..0000000000
> --- a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
> +++ /dev/null
> @@ -1,244 +0,0 @@
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Wed, 12 Jul 2017 16:03:24 +0200
> -Subject: [PATCH] Prevent reinstallation of an already in-use group key
> -
> -Track the current GTK and IGTK that is in use and when receiving a
> -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
> -not install the given key if it is already in use. This prevents an
> -attacker from trying to trick the client into resetting or lowering the
> -sequence counter associated to the group key.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> -
> ---- a/src/common/wpa_common.h
> -+++ b/src/common/wpa_common.h
> -@@ -218,6 +218,17 @@ struct wpa_ptk {
> - 	size_t tk_len;
> - };
> - 
> -+struct wpa_gtk {
> -+	u8 gtk[WPA_GTK_MAX_LEN];
> -+	size_t gtk_len;
> -+};
> -+
> -+#ifdef CONFIG_IEEE80211W
> -+struct wpa_igtk {
> -+	u8 igtk[WPA_IGTK_MAX_LEN];
> -+	size_t igtk_len;
> -+};
> -+#endif /* CONFIG_IEEE80211W */
> - 
> - /* WPA IE version 1
> -  * 00-50-f2:1 (OUI:OUI type)
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -800,6 +800,15 @@ static int wpa_supplicant_install_gtk(st
> - 	const u8 *_gtk = gd->gtk;
> - 	u8 gtk_buf[32];
> - 
> -+	/* Detect possible key reinstallation */
> -+	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
> -+	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
> -+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> -+			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
> -+			gd->keyidx, gd->tx, gd->gtk_len);
> -+		return 0;
> -+	}
> -+
> - 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
> - 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
> -@@ -834,6 +843,9 @@ static int wpa_supplicant_install_gtk(st
> - 	}
> - 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
> - 
> -+	sm->gtk.gtk_len = gd->gtk_len;
> -+	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
> -+
> - 	return 0;
> - }
> - 
> -@@ -940,6 +952,48 @@ static int wpa_supplicant_pairwise_gtk(s
> - }
> - 
> - 
> -+#ifdef CONFIG_IEEE80211W
> -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
> -+				       const struct wpa_igtk_kde *igtk)
> -+{
> -+	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
> -+	u16 keyidx = WPA_GET_LE16(igtk->keyid);
> -+
> -+	/* Detect possible key reinstallation */
> -+	if (sm->igtk.igtk_len == len &&
> -+	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
> -+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> -+			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
> -+			keyidx);
> -+		return  0;
> -+	}
> -+
> -+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> -+		"WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
> -+		keyidx, MAC2STR(igtk->pn));
> -+	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
> -+	if (keyidx > 4095) {
> -+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> -+			"WPA: Invalid IGTK KeyID %d", keyidx);
> -+		return -1;
> -+	}
> -+	if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
> -+			   broadcast_ether_addr,
> -+			   keyidx, 0, igtk->pn, sizeof(igtk->pn),
> -+			   igtk->igtk, len) < 0) {
> -+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> -+			"WPA: Failed to configure IGTK to the driver");
> -+		return -1;
> -+	}
> -+
> -+	sm->igtk.igtk_len = len;
> -+	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
> -+
> -+	return 0;
> -+}
> -+#endif /* CONFIG_IEEE80211W */
> -+
> -+
> - static int ieee80211w_set_keys(struct wpa_sm *sm,
> - 			       struct wpa_eapol_ie_parse *ie)
> - {
> -@@ -950,30 +1004,14 @@ static int ieee80211w_set_keys(struct wp
> - 	if (ie->igtk) {
> - 		size_t len;
> - 		const struct wpa_igtk_kde *igtk;
> --		u16 keyidx;
> -+
> - 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
> - 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
> - 			return -1;
> -+
> - 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
> --		keyidx = WPA_GET_LE16(igtk->keyid);
> --		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
> --			"pn %02x%02x%02x%02x%02x%02x",
> --			keyidx, MAC2STR(igtk->pn));
> --		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
> --				igtk->igtk, len);
> --		if (keyidx > 4095) {
> --			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> --				"WPA: Invalid IGTK KeyID %d", keyidx);
> -+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> - 			return -1;
> --		}
> --		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
> --				   broadcast_ether_addr,
> --				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
> --				   igtk->igtk, len) < 0) {
> --			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> --				"WPA: Failed to configure IGTK to the driver");
> --			return -1;
> --		}
> - 	}
> - 
> - 	return 0;
> -@@ -2491,7 +2529,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
> -  */
> - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
> - {
> --	int clear_ptk = 1;
> -+	int clear_keys = 1;
> - 
> - 	if (sm == NULL)
> - 		return;
> -@@ -2517,7 +2555,7 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - 		/* Prepare for the next transition */
> - 		wpa_ft_prepare_auth_request(sm, NULL);
> - 
> --		clear_ptk = 0;
> -+		clear_keys = 0;
> - 	}
> - #endif /* CONFIG_IEEE80211R */
> - #ifdef CONFIG_FILS
> -@@ -2527,11 +2565,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - 		 * AUTHENTICATED state to get the EAPOL port Authorized.
> - 		 */
> - 		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
> --		clear_ptk = 0;
> -+		clear_keys = 0;
> - 	}
> - #endif /* CONFIG_FILS */
> - 
> --	if (clear_ptk) {
> -+	if (clear_keys) {
> - 		/*
> - 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
> - 		 * this is not part of a Fast BSS Transition.
> -@@ -2541,6 +2579,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
> - 		sm->tptk_set = 0;
> - 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> -+		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+#ifdef CONFIG_IEEE80211W
> -+		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+#endif /* CONFIG_IEEE80211W */
> - 	}
> - 
> - #ifdef CONFIG_TDLS
> -@@ -3117,6 +3159,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
> - 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
> - 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
> - 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> -+	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+#ifdef CONFIG_IEEE80211W
> -+	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+#endif /* CONFIG_IEEE80211W */
> - #ifdef CONFIG_IEEE80211R
> - 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
> - 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
> -@@ -3189,29 +3235,11 @@ int wpa_wnmsleep_install_key(struct wpa_
> - 		os_memset(&gd, 0, sizeof(gd));
> - #ifdef CONFIG_IEEE80211W
> - 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
> --		struct wpa_igtk_kde igd;
> --		u16 keyidx;
> -+		const struct wpa_igtk_kde *igtk;
> - 
> --		os_memset(&igd, 0, sizeof(igd));
> --		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
> --		os_memcpy(igd.keyid, buf + 2, 2);
> --		os_memcpy(igd.pn, buf + 4, 6);
> --
> --		keyidx = WPA_GET_LE16(igd.keyid);
> --		os_memcpy(igd.igtk, buf + 10, keylen);
> --
> --		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
> --				igd.igtk, keylen);
> --		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
> --				   broadcast_ether_addr,
> --				   keyidx, 0, igd.pn, sizeof(igd.pn),
> --				   igd.igtk, keylen) < 0) {
> --			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
> --				   "WNM mode");
> --			os_memset(&igd, 0, sizeof(igd));
> -+		igtk = (const struct wpa_igtk_kde *) (buf + 2);
> -+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> - 			return -1;
> --		}
> --		os_memset(&igd, 0, sizeof(igd));
> - #endif /* CONFIG_IEEE80211W */
> - 	} else {
> - 		wpa_printf(MSG_DEBUG, "Unknown element id");
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -31,6 +31,10 @@ struct wpa_sm {
> - 	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
> - 	int rx_replay_counter_set;
> - 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
> -+	struct wpa_gtk gtk;
> -+#ifdef CONFIG_IEEE80211W
> -+	struct wpa_igtk igtk;
> -+#endif /* CONFIG_IEEE80211W */
> - 
> - 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
> - 
> diff --git a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
> deleted file mode 100644
> index 2093d25e9c..0000000000
> --- a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
> +++ /dev/null
> @@ -1,182 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Sun, 1 Oct 2017 12:12:24 +0300
> -Subject: [PATCH] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
> - Mode cases
> -
> -This extends the protection to track last configured GTK/IGTK value
> -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
> -corner case where these two different mechanisms may get used when the
> -GTK/IGTK has changed and tracking a single value is not sufficient to
> -detect a possible key reconfiguration.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -795,14 +795,17 @@ struct wpa_gtk_data {
> - 
> - static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
> - 				      const struct wpa_gtk_data *gd,
> --				      const u8 *key_rsc)
> -+				      const u8 *key_rsc, int wnm_sleep)
> - {
> - 	const u8 *_gtk = gd->gtk;
> - 	u8 gtk_buf[32];
> - 
> - 	/* Detect possible key reinstallation */
> --	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
> --	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
> -+	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
> -+	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
> -+	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
> -+	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
> -+		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
> - 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - 			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
> - 			gd->keyidx, gd->tx, gd->gtk_len);
> -@@ -843,8 +846,14 @@ static int wpa_supplicant_install_gtk(st
> - 	}
> - 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
> - 
> --	sm->gtk.gtk_len = gd->gtk_len;
> --	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
> -+	if (wnm_sleep) {
> -+		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
> -+		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
> -+			  sm->gtk_wnm_sleep.gtk_len);
> -+	} else {
> -+		sm->gtk.gtk_len = gd->gtk_len;
> -+		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
> -+	}
> - 
> - 	return 0;
> - }
> -@@ -938,7 +947,7 @@ static int wpa_supplicant_pairwise_gtk(s
> - 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
> - 					       gtk_len, gtk_len,
> - 					       &gd.key_rsc_len, &gd.alg) ||
> --	     wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
> -+	     wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
> - 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - 			"RSN: Failed to install GTK");
> - 		os_memset(&gd, 0, sizeof(gd));
> -@@ -954,14 +963,18 @@ static int wpa_supplicant_pairwise_gtk(s
> - 
> - #ifdef CONFIG_IEEE80211W
> - static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
> --				       const struct wpa_igtk_kde *igtk)
> -+				       const struct wpa_igtk_kde *igtk,
> -+				       int wnm_sleep)
> - {
> - 	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
> - 	u16 keyidx = WPA_GET_LE16(igtk->keyid);
> - 
> - 	/* Detect possible key reinstallation */
> --	if (sm->igtk.igtk_len == len &&
> --	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
> -+	if ((sm->igtk.igtk_len == len &&
> -+	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
> -+	    (sm->igtk_wnm_sleep.igtk_len == len &&
> -+	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
> -+		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
> - 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - 			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
> - 			keyidx);
> -@@ -986,8 +999,14 @@ static int wpa_supplicant_install_igtk(s
> - 		return -1;
> - 	}
> - 
> --	sm->igtk.igtk_len = len;
> --	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
> -+	if (wnm_sleep) {
> -+		sm->igtk_wnm_sleep.igtk_len = len;
> -+		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
> -+			  sm->igtk_wnm_sleep.igtk_len);
> -+	} else {
> -+		sm->igtk.igtk_len = len;
> -+		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
> -+	}
> - 
> - 	return 0;
> - }
> -@@ -1010,7 +1029,7 @@ static int ieee80211w_set_keys(struct wp
> - 			return -1;
> - 
> - 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
> --		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> -+		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
> - 			return -1;
> - 	}
> - 
> -@@ -1659,7 +1678,7 @@ static void wpa_supplicant_process_1_of_
> - 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
> - 		key_rsc = null_rsc;
> - 
> --	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
> -+	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
> - 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
> - 		goto failed;
> - 	os_memset(&gd, 0, sizeof(gd));
> -@@ -2580,8 +2599,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
> - 		sm->tptk_set = 0;
> - 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> - 		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
> - #ifdef CONFIG_IEEE80211W
> - 		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
> - #endif /* CONFIG_IEEE80211W */
> - 	}
> - 
> -@@ -3160,8 +3181,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
> - 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
> - 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> - 	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
> -+	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
> - #ifdef CONFIG_IEEE80211W
> - 	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
> -+	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
> - #endif /* CONFIG_IEEE80211W */
> - #ifdef CONFIG_IEEE80211R
> - 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
> -@@ -3226,7 +3249,7 @@ int wpa_wnmsleep_install_key(struct wpa_
> - 
> - 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
> - 				gd.gtk, gd.gtk_len);
> --		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
> -+		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
> - 			os_memset(&gd, 0, sizeof(gd));
> - 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
> - 				   "WNM mode");
> -@@ -3238,7 +3261,7 @@ int wpa_wnmsleep_install_key(struct wpa_
> - 		const struct wpa_igtk_kde *igtk;
> - 
> - 		igtk = (const struct wpa_igtk_kde *) (buf + 2);
> --		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
> -+		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
> - 			return -1;
> - #endif /* CONFIG_IEEE80211W */
> - 	} else {
> -@@ -4121,7 +4144,7 @@ int fils_process_assoc_resp(struct wpa_s
> - 	os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
> - 
> - 	wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
> --	if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) {
> -+	if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
> - 		wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
> - 		goto fail;
> - 	}
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -32,8 +32,10 @@ struct wpa_sm {
> - 	int rx_replay_counter_set;
> - 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
> - 	struct wpa_gtk gtk;
> -+	struct wpa_gtk gtk_wnm_sleep;
> - #ifdef CONFIG_IEEE80211W
> - 	struct wpa_igtk igtk;
> -+	struct wpa_igtk igtk_wnm_sleep;
> - #endif /* CONFIG_IEEE80211W */
> - 
> - 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
> diff --git a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch b/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
> deleted file mode 100644
> index 30679e25c2..0000000000
> --- a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
> +++ /dev/null
> @@ -1,73 +0,0 @@
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Fri, 29 Sep 2017 04:22:51 +0200
> -Subject: [PATCH] Prevent installation of an all-zero TK
> -
> -Properly track whether a PTK has already been installed to the driver
> -and the TK part cleared from memory. This prevents an attacker from
> -trying to trick the client into installing an all-zero TK.
> -
> -This fixes the earlier fix in commit
> -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
> -driver in EAPOL-Key 3/4 retry case') which did not take into account
> -possibility of an extra message 1/4 showing up between retries of
> -message 3/4.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> -
> ---- a/src/common/wpa_common.h
> -+++ b/src/common/wpa_common.h
> -@@ -216,6 +216,7 @@ struct wpa_ptk {
> - 	size_t kck_len;
> - 	size_t kek_len;
> - 	size_t tk_len;
> -+	int installed; /* 1 if key has already been installed to driver */
> - };
> - 
> - struct wpa_gtk {
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -594,7 +594,6 @@ static void wpa_supplicant_process_1_of_
> - 		os_memset(buf, 0, sizeof(buf));
> - 	}
> - 	sm->tptk_set = 1;
> --	sm->tk_to_set = 1;
> - 
> - 	kde = sm->assoc_wpa_ie;
> - 	kde_len = sm->assoc_wpa_ie_len;
> -@@ -701,7 +700,7 @@ static int wpa_supplicant_install_ptk(st
> - 	enum wpa_alg alg;
> - 	const u8 *key_rsc;
> - 
> --	if (!sm->tk_to_set) {
> -+	if (sm->ptk.installed) {
> - 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
> - 			"WPA: Do not re-install same PTK to the driver");
> - 		return 0;
> -@@ -745,7 +744,7 @@ static int wpa_supplicant_install_ptk(st
> - 
> - 	/* TK is not needed anymore in supplicant */
> - 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> --	sm->tk_to_set = 0;
> -+	sm->ptk.installed = 1;
> - 
> - 	if (sm->wpa_ptk_rekey) {
> - 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
> -@@ -4172,6 +4171,7 @@ int fils_process_assoc_resp(struct wpa_s
> - 	 * takes care of association frame encryption/decryption. */
> - 	/* TK is not needed anymore in supplicant */
> - 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> -+	sm->ptk.installed = 1;
> - 
> - 	/* FILS HLP Container */
> - 	fils_process_hlp_container(sm, ie_start, end - ie_start);
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -24,7 +24,6 @@ struct wpa_sm {
> - 	struct wpa_ptk ptk, tptk;
> - 	int ptk_set, tptk_set;
> - 	unsigned int msg_3_of_4_ok:1;
> --	unsigned int tk_to_set:1;
> - 	u8 snonce[WPA_NONCE_LEN];
> - 	u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
> - 	int renew_snonce;
> diff --git a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
> deleted file mode 100644
> index 6f28e74314..0000000000
> --- a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
> +++ /dev/null
> @@ -1,56 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Sun, 1 Oct 2017 12:32:57 +0300
> -Subject: [PATCH] Fix PTK rekeying to generate a new ANonce
> -
> -The Authenticator state machine path for PTK rekeying ended up bypassing
> -the AUTHENTICATION2 state where a new ANonce is generated when going
> -directly to the PTKSTART state since there is no need to try to
> -determine the PMK again in such a case. This is far from ideal since the
> -new PTK would depend on a new nonce only from the supplicant.
> -
> -Fix this by generating a new ANonce when moving to the PTKSTART state
> -for the purpose of starting new 4-way handshake to rekey PTK.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/ap/wpa_auth.c
> -+++ b/src/ap/wpa_auth.c
> -@@ -1951,6 +1951,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
> - }
> - 
> - 
> -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
> -+{
> -+	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
> -+		wpa_printf(MSG_ERROR,
> -+			   "WPA: Failed to get random data for ANonce");
> -+		sm->Disconnect = TRUE;
> -+		return -1;
> -+	}
> -+	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
> -+		    WPA_NONCE_LEN);
> -+	sm->TimeoutCtr = 0;
> -+	return 0;
> -+}
> -+
> -+
> - SM_STATE(WPA_PTK, INITPMK)
> - {
> - 	u8 msk[2 * PMK_LEN];
> -@@ -3116,9 +3131,12 @@ SM_STEP(WPA_PTK)
> - 		SM_ENTER(WPA_PTK, AUTHENTICATION);
> - 	else if (sm->ReAuthenticationRequest)
> - 		SM_ENTER(WPA_PTK, AUTHENTICATION2);
> --	else if (sm->PTKRequest)
> --		SM_ENTER(WPA_PTK, PTKSTART);
> --	else switch (sm->wpa_ptk_state) {
> -+	else if (sm->PTKRequest) {
> -+		if (wpa_auth_sm_ptk_update(sm) < 0)
> -+			SM_ENTER(WPA_PTK, DISCONNECTED);
> -+		else
> -+			SM_ENTER(WPA_PTK, PTKSTART);
> -+	} else switch (sm->wpa_ptk_state) {
> - 	case WPA_PTK_INITIALIZE:
> - 		break;
> - 	case WPA_PTK_DISCONNECT:
> diff --git a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch b/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
> deleted file mode 100644
> index 2ca05dd643..0000000000
> --- a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
> +++ /dev/null
> @@ -1,124 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Fri, 22 Sep 2017 11:03:15 +0300
> -Subject: [PATCH] TDLS: Reject TPK-TK reconfiguration
> -
> -Do not try to reconfigure the same TPK-TK to the driver after it has
> -been successfully configured. This is an explicit check to avoid issues
> -related to resetting the TX/RX packet number. There was already a check
> -for this for TPK M2 (retries of that message are ignored completely), so
> -that behavior does not get modified.
> -
> -For TPK M3, the TPK-TK could have been reconfigured, but that was
> -followed by immediate teardown of the link due to an issue in updating
> -the STA entry. Furthermore, for TDLS with any real security (i.e.,
> -ignoring open/WEP), the TPK message exchange is protected on the AP path
> -and simple replay attacks are not feasible.
> -
> -As an additional corner case, make sure the local nonce gets updated if
> -the peer uses a very unlikely "random nonce" of all zeros.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/rsn_supp/tdls.c
> -+++ b/src/rsn_supp/tdls.c
> -@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
> - 		u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
> - 	} tpk;
> - 	int tpk_set;
> -+	int tk_set; /* TPK-TK configured to the driver */
> - 	int tpk_success;
> - 	int tpk_in_progress;
> - 
> -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_s
> - 	u8 rsc[6];
> - 	enum wpa_alg alg;
> - 
> -+	if (peer->tk_set) {
> -+		/*
> -+		 * This same TPK-TK has already been configured to the driver
> -+		 * and this new configuration attempt (likely due to an
> -+		 * unexpected retransmitted frame) would result in clearing
> -+		 * the TX/RX sequence number which can break security, so must
> -+		 * not allow that to happen.
> -+		 */
> -+		wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
> -+			   " has already been configured to the driver - do not reconfigure",
> -+			   MAC2STR(peer->addr));
> -+		return -1;
> -+	}
> -+
> - 	os_memset(rsc, 0, 6);
> - 
> - 	switch (peer->cipher) {
> -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_s
> - 		return -1;
> - 	}
> - 
> -+	wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
> -+		   MAC2STR(peer->addr));
> - 	if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
> - 			   rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
> - 		wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
> - 			   "driver");
> - 		return -1;
> - 	}
> -+	peer->tk_set = 1;
> - 	return 0;
> - }
> - 
> -@@ -695,7 +713,7 @@ static void wpa_tdls_peer_clear(struct w
> - 	peer->cipher = 0;
> - 	peer->qos_info = 0;
> - 	peer->wmm_capable = 0;
> --	peer->tpk_set = peer->tpk_success = 0;
> -+	peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
> - 	peer->chan_switch_enabled = 0;
> - 	os_memset(&peer->tpk, 0, sizeof(peer->tpk));
> - 	os_memset(peer->inonce, 0, WPA_NONCE_LEN);
> -@@ -1158,6 +1176,7 @@ skip_rsnie:
> - 		wpa_tdls_peer_free(sm, peer);
> - 		return -1;
> - 	}
> -+	peer->tk_set = 0; /* A new nonce results in a new TK */
> - 	wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
> - 		    peer->inonce, WPA_NONCE_LEN);
> - 	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
> -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct w
> - }
> - 
> - 
> -+static int tdls_nonce_set(const u8 *nonce)
> -+{
> -+	int i;
> -+
> -+	for (i = 0; i < WPA_NONCE_LEN; i++) {
> -+		if (nonce[i])
> -+			return 1;
> -+	}
> -+
> -+	return 0;
> -+}
> -+
> -+
> - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
> - 				   const u8 *buf, size_t len)
> - {
> -@@ -2004,7 +2036,8 @@ skip_rsn:
> - 	peer->rsnie_i_len = kde.rsn_ie_len;
> - 	peer->cipher = cipher;
> - 
> --	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
> -+	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
> -+	    !tdls_nonce_set(peer->inonce)) {
> - 		/*
> - 		 * There is no point in updating the RNonce for every obtained
> - 		 * TPK M1 frame (e.g., retransmission due to timeout) with the
> -@@ -2020,6 +2053,7 @@ skip_rsn:
> - 				"TDLS: Failed to get random data for responder nonce");
> - 			goto error;
> - 		}
> -+		peer->tk_set = 0; /* A new nonce results in a new TK */
> - 	}
> - 
> - #if 0
> diff --git a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
> deleted file mode 100644
> index 13d78b8cbd..0000000000
> --- a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Fri, 22 Sep 2017 11:25:02 +0300
> -Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Response without pending
> - request
> -
> -Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
> -Mode Response if WNM-Sleep Mode has not been used') started ignoring the
> -response when no WNM-Sleep Mode Request had been used during the
> -association. This can be made tighter by clearing the used flag when
> -successfully processing a response. This adds an additional layer of
> -protection against unexpected retransmissions of the response frame.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/wpa_supplicant/wnm_sta.c
> -+++ b/wpa_supplicant/wnm_sta.c
> -@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(
> - 
> - 	if (!wpa_s->wnmsleep_used) {
> - 		wpa_printf(MSG_DEBUG,
> --			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
> -+			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
> - 		return;
> - 	}
> - 
> -@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(
> - 		return;
> - 	}
> - 
> -+	wpa_s->wnmsleep_used = 0;
> -+
> - 	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
> - 	    wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
> - 		wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
> diff --git a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
> deleted file mode 100644
> index 7712ce5198..0000000000
> --- a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
> +++ /dev/null
> @@ -1,68 +0,0 @@
> -From: Jouni Malinen <j at w1.fi>
> -Date: Fri, 22 Sep 2017 12:06:37 +0300
> -Subject: [PATCH] FT: Do not allow multiple Reassociation Response frames
> -
> -The driver is expected to not report a second association event without
> -the station having explicitly request a new association. As such, this
> -case should not be reachable. However, since reconfiguring the same
> -pairwise or group keys to the driver could result in nonce reuse issues,
> -be extra careful here and do an additional state check to avoid this
> -even if the local driver ends up somehow accepting an unexpected
> -Reassociation Response frame.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -2637,6 +2637,9 @@ void wpa_sm_notify_disassoc(struct wpa_s
> - #ifdef CONFIG_FILS
> - 	sm->fils_completed = 0;
> - #endif /* CONFIG_FILS */
> -+#ifdef CONFIG_IEEE80211R
> -+	sm->ft_reassoc_completed = 0;
> -+#endif /* CONFIG_IEEE80211R */
> - 
> - 	/* Keys are not needed in the WPA state machine anymore */
> - 	wpa_sm_drop_sa(sm);
> ---- a/src/rsn_supp/wpa_ft.c
> -+++ b/src/rsn_supp/wpa_ft.c
> -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wp
> - 	u16 capab;
> - 
> - 	sm->ft_completed = 0;
> -+	sm->ft_reassoc_completed = 0;
> - 
> - 	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
> - 		2 + sm->r0kh_id_len + ric_ies_len + 100;
> -@@ -687,6 +688,11 @@ int wpa_ft_validate_reassoc_resp(struct
> - 		return -1;
> - 	}
> - 
> -+	if (sm->ft_reassoc_completed) {
> -+		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
> -+		return 0;
> -+	}
> -+
> - 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
> - 		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
> - 		return -1;
> -@@ -787,6 +793,8 @@ int wpa_ft_validate_reassoc_resp(struct
> - 		return -1;
> - 	}
> - 
> -+	sm->ft_reassoc_completed = 1;
> -+
> - 	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
> - 		return -1;
> - 
> ---- a/src/rsn_supp/wpa_i.h
> -+++ b/src/rsn_supp/wpa_i.h
> -@@ -128,6 +128,7 @@ struct wpa_sm {
> - 	size_t r0kh_id_len;
> - 	u8 r1kh_id[FT_R1KH_ID_LEN];
> - 	int ft_completed;
> -+	int ft_reassoc_completed;
> - 	int over_the_ds_in_progress;
> - 	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
> - 	int set_ptk_after_assoc;
> diff --git a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch b/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
> deleted file mode 100644
> index 40f6b56965..0000000000
> --- a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
> +++ /dev/null
> @@ -1,34 +0,0 @@
> -From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
> -From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> -Date: Thu, 5 Oct 2017 23:53:01 +0200
> -Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
> -
> -Currently, reinstallations of the PTK are prevented by (1) assuring the
> -same TPTK is only set once as the PTK, and (2) that one particular PTK
> -is only installed once. This patch makes it more explicit that point (1)
> -is required to prevent key reinstallations. At the same time, this patch
> -hardens wpa_supplicant such that future changes do not accidentally
> -break this property.
> -
> -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
> ----
> - src/rsn_supp/wpa.c | 8 ++++++++
> - 1 file changed, 8 insertions(+)
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
> - 			sm->ptk_set = 1;
> - 			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
> - 			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> -+			/*
> -+			 * This assures the same TPTK in sm->tptk can never be
> -+			 * copied twice to sm->pkt as the new PTK. In
> -+			 * combination with the installed flag in the wpa_ptk
> -+			 * struct, this assures the same PTK is only installed
> -+			 * once.
> -+			 */
> -+			sm->renew_snonce = 1;
> - 		}
> - 	}
> - 
> diff --git a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch b/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
> deleted file mode 100644
> index ed7d79ec1b..0000000000
> --- a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
> +++ /dev/null
> @@ -1,53 +0,0 @@
> -From b488a12948751f57871f09baa345e59b23959a41 Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Sun, 8 Oct 2017 13:18:02 +0300
> -Subject: [PATCH] Clear PMK length and check for this when deriving PTK
> -
> -Instead of setting the default PMK length for the cleared PMK, set the
> -length to 0 and explicitly check for this when deriving PTK to avoid
> -unexpected key derivation with an all-zeroes key should it be possible
> -to somehow trigger PTK derivation to happen before PMK derivation.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - src/common/wpa_common.c | 5 +++++
> - src/rsn_supp/wpa.c      | 7 ++++---
> - 2 files changed, 9 insertions(+), 3 deletions(-)
> -
> ---- a/src/common/wpa_common.c
> -+++ b/src/common/wpa_common.c
> -@@ -225,6 +225,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t
> - 	u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
> - 	size_t ptk_len;
> - 
> -+	if (pmk_len == 0) {
> -+		wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation");
> -+		return -1;
> -+	}
> -+
> - 	if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
> - 		os_memcpy(data, addr1, ETH_ALEN);
> - 		os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -584,7 +584,8 @@ static void wpa_supplicant_process_1_of_
> - 	/* Calculate PTK which will be stored as a temporary PTK until it has
> - 	 * been verified when processing message 3/4. */
> - 	ptk = &sm->tptk;
> --	wpa_derive_ptk(sm, src_addr, key, ptk);
> -+	if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
> -+		goto failed;
> - 	if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
> - 		u8 buf[8];
> - 		/* Supplicant: swap tx/rx Mic keys */
> -@@ -2705,8 +2706,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wp
> - 		sm->pmk_len = sm->cur_pmksa->pmk_len;
> - 		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
> - 	} else {
> --		sm->pmk_len = PMK_LEN;
> --		os_memset(sm->pmk, 0, PMK_LEN);
> -+		sm->pmk_len = 0;
> -+		os_memset(sm->pmk, 0, PMK_LEN_MAX);
> - 	}
> - }
> - 
> diff --git a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch b/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
> deleted file mode 100644
> index 19165cce2d..0000000000
> --- a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
> +++ /dev/null
> @@ -1,221 +0,0 @@
> -From 6f234c1e2ee1ede29f2412b7012b3345ed8e52d3 Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Mon, 16 Oct 2017 18:37:43 +0300
> -Subject: [PATCH] Optional AP side workaround for key reinstallation attacks
> -
> -This adds a new hostapd configuration parameter
> -wpa_disable_eapol_key_retries=1 that can be used to disable
> -retransmission of EAPOL-Key frames that are used to install
> -keys (EAPOL-Key message 3/4 and group message 1/2). This is
> -similar to setting wpa_group_update_count=1 and
> -wpa_pairwise_update_count=1, but with no impact to message 1/4
> -retries and with extended timeout for messages 4/4 and group
> -message 2/2 to avoid causing issues with stations that may use
> -aggressive power saving have very long time in replying to the
> -EAPOL-Key messages.
> -
> -This option can be used to work around key reinstallation attacks
> -on the station (supplicant) side in cases those station devices
> -cannot be updated for some reason. By removing the
> -retransmissions the attacker cannot cause key reinstallation with
> -a delayed frame transmission. This is related to the station side
> -vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
> -CVE-2017-13080, and CVE-2017-13081.
> -
> -This workaround might cause interoperability issues and reduced
> -robustness of key negotiation especially in environments with
> -heavy traffic load due to the number of attempts to perform the
> -key exchange is reduced significantly. As such, this workaround
> -is disabled by default (unless overridden in build
> -configuration). To enable this, set the parameter to 1.
> -
> -It is also possible to enable this in the build by default by
> -adding the following to the build configuration:
> -
> -CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - hostapd/config_file.c  |  2 ++
> - hostapd/defconfig      |  4 ++++
> - hostapd/hostapd.conf   | 24 ++++++++++++++++++++++++
> - src/ap/ap_config.c     |  6 ++++++
> - src/ap/ap_config.h     |  1 +
> - src/ap/wpa_auth.c      | 22 ++++++++++++++++++++--
> - src/ap/wpa_auth.h      |  1 +
> - src/ap/wpa_auth_glue.c |  2 ++
> - 8 files changed, 60 insertions(+), 2 deletions(-)
> -
> ---- a/hostapd/config_file.c
> -+++ b/hostapd/config_file.c
> -@@ -2542,6 +2542,8 @@ static int hostapd_config_fill(struct ho
> - 			return 1;
> - 		}
> - 		bss->wpa_pairwise_update_count = (u32) val;
> -+	} else if (os_strcmp(buf, "wpa_disable_eapol_key_retries") == 0) {
> -+		bss->wpa_disable_eapol_key_retries = atoi(pos);
> - 	} else if (os_strcmp(buf, "wpa_passphrase") == 0) {
> - 		int len = os_strlen(pos);
> - 		if (len < 8 || len > 63) {
> ---- a/hostapd/defconfig
> -+++ b/hostapd/defconfig
> -@@ -372,3 +372,7 @@ CONFIG_IPV6=y
> - # Opportunistic Wireless Encryption (OWE)
> - # Experimental implementation of draft-harkins-owe-07.txt
> - #CONFIG_OWE=y
> -+
> -+# Override default value for the wpa_disable_eapol_key_retries configuration
> -+# parameter. See that parameter in hostapd.conf for more details.
> -+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
> ---- a/hostapd/hostapd.conf
> -+++ b/hostapd/hostapd.conf
> -@@ -1315,6 +1315,30 @@ own_ip_addr=127.0.0.1
> - # Range 1..4294967295; default: 4
> - #wpa_pairwise_update_count=4
> - 
> -+# Workaround for key reinstallation attacks
> -+#
> -+# This parameter can be used to disable retransmission of EAPOL-Key frames that
> -+# are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This
> -+# is similar to setting wpa_group_update_count=1 and
> -+# wpa_pairwise_update_count=1, but with no impact to message 1/4 and with
> -+# extended timeout on the response to avoid causing issues with stations that
> -+# may use aggressive power saving have very long time in replying to the
> -+# EAPOL-Key messages.
> -+#
> -+# This option can be used to work around key reinstallation attacks on the
> -+# station (supplicant) side in cases those station devices cannot be updated
> -+# for some reason. By removing the retransmissions the attacker cannot cause
> -+# key reinstallation with a delayed frame transmission. This is related to the
> -+# station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
> -+# CVE-2017-13080, and CVE-2017-13081.
> -+#
> -+# This workaround might cause interoperability issues and reduced robustness of
> -+# key negotiation especially in environments with heavy traffic load due to the
> -+# number of attempts to perform the key exchange is reduced significantly. As
> -+# such, this workaround is disabled by default (unless overridden in build
> -+# configuration). To enable this, set the parameter to 1.
> -+#wpa_disable_eapol_key_retries=1
> -+
> - # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
> - # roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
> - # authentication and key handshake before actually associating with a new AP.
> ---- a/src/ap/ap_config.c
> -+++ b/src/ap/ap_config.c
> -@@ -37,6 +37,10 @@ static void hostapd_config_free_vlan(str
> - }
> - 
> - 
> -+#ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
> -+#define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
> -+#endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
> -+
> - void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
> - {
> - 	dl_list_init(&bss->anqp_elem);
> -@@ -58,6 +62,8 @@ void hostapd_config_defaults_bss(struct
> - 	bss->wpa_gmk_rekey = 86400;
> - 	bss->wpa_group_update_count = 4;
> - 	bss->wpa_pairwise_update_count = 4;
> -+	bss->wpa_disable_eapol_key_retries =
> -+		DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
> - 	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
> - 	bss->wpa_pairwise = WPA_CIPHER_TKIP;
> - 	bss->wpa_group = WPA_CIPHER_TKIP;
> ---- a/src/ap/ap_config.h
> -+++ b/src/ap/ap_config.h
> -@@ -333,6 +333,7 @@ struct hostapd_bss_config {
> - 	int wpa_ptk_rekey;
> - 	u32 wpa_group_update_count;
> - 	u32 wpa_pairwise_update_count;
> -+	int wpa_disable_eapol_key_retries;
> - 	int rsn_pairwise;
> - 	int rsn_preauth;
> - 	char *rsn_preauth_interfaces;
> ---- a/src/ap/wpa_auth.c
> -+++ b/src/ap/wpa_auth.c
> -@@ -65,6 +65,7 @@ static u8 * ieee80211w_kde_add(struct wp
> - static const u32 eapol_key_timeout_first = 100; /* ms */
> - static const u32 eapol_key_timeout_subseq = 1000; /* ms */
> - static const u32 eapol_key_timeout_first_group = 500; /* ms */
> -+static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */
> - 
> - /* TODO: make these configurable */
> - static const int dot11RSNAConfigPMKLifetime = 43200;
> -@@ -1653,6 +1654,9 @@ static void wpa_send_eapol(struct wpa_au
> - 			eapol_key_timeout_first_group;
> - 	else
> - 		timeout_ms = eapol_key_timeout_subseq;
> -+	if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+	    (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
> -+		timeout_ms = eapol_key_timeout_no_retrans;
> - 	if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
> - 		sm->pending_1_of_4_timeout = 1;
> - 	wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
> -@@ -2882,6 +2886,11 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
> - 	sm->TimeoutEvt = FALSE;
> - 
> - 	sm->TimeoutCtr++;
> -+	if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+	    sm->TimeoutCtr > 1) {
> -+		/* Do not allow retransmission of EAPOL-Key msg 3/4 */
> -+		return;
> -+	}
> - 	if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
> - 		/* No point in sending the EAPOL-Key - we will disconnect
> - 		 * immediately following this. */
> -@@ -3220,7 +3229,9 @@ SM_STEP(WPA_PTK)
> - 			 sm->EAPOLKeyPairwise && sm->MICVerified)
> - 			SM_ENTER(WPA_PTK, PTKINITDONE);
> - 		else if (sm->TimeoutCtr >
> --			 sm->wpa_auth->conf.wpa_pairwise_update_count) {
> -+			 sm->wpa_auth->conf.wpa_pairwise_update_count ||
> -+			 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+			  sm->TimeoutCtr > 1)) {
> - 			wpa_auth->dot11RSNA4WayHandshakeFailures++;
> - 			wpa_auth_vlogger(
> - 				sm->wpa_auth, sm->addr, LOGGER_DEBUG,
> -@@ -3260,6 +3271,11 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING
> - 	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
> - 
> - 	sm->GTimeoutCtr++;
> -+	if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+	    sm->GTimeoutCtr > 1) {
> -+		/* Do not allow retransmission of EAPOL-Key group msg 1/2 */
> -+		return;
> -+	}
> - 	if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
> - 		/* No point in sending the EAPOL-Key - we will disconnect
> - 		 * immediately following this. */
> -@@ -3363,7 +3379,9 @@ SM_STEP(WPA_PTK_GROUP)
> - 		    !sm->EAPOLKeyPairwise && sm->MICVerified)
> - 			SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
> - 		else if (sm->GTimeoutCtr >
> --			 sm->wpa_auth->conf.wpa_group_update_count)
> -+			 sm->wpa_auth->conf.wpa_group_update_count ||
> -+			 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
> -+			  sm->GTimeoutCtr > 1))
> - 			SM_ENTER(WPA_PTK_GROUP, KEYERROR);
> - 		else if (sm->TimeoutEvt)
> - 			SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
> ---- a/src/ap/wpa_auth.h
> -+++ b/src/ap/wpa_auth.h
> -@@ -165,6 +165,7 @@ struct wpa_auth_config {
> - 	int wpa_ptk_rekey;
> - 	u32 wpa_group_update_count;
> - 	u32 wpa_pairwise_update_count;
> -+	int wpa_disable_eapol_key_retries;
> - 	int rsn_pairwise;
> - 	int rsn_preauth;
> - 	int eapol_version;
> ---- a/src/ap/wpa_auth_glue.c
> -+++ b/src/ap/wpa_auth_glue.c
> -@@ -45,6 +45,8 @@ static void hostapd_wpa_auth_conf(struct
> - 	wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
> - 	wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
> - 	wconf->wpa_group_update_count = conf->wpa_group_update_count;
> -+	wconf->wpa_disable_eapol_key_retries =
> -+		conf->wpa_disable_eapol_key_retries;
> - 	wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
> - 	wconf->rsn_pairwise = conf->rsn_pairwise;
> - 	wconf->rsn_preauth = conf->rsn_preauth;
> diff --git a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch b/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
> deleted file mode 100644
> index 5cc2f7b17d..0000000000
> --- a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
> +++ /dev/null
> @@ -1,100 +0,0 @@
> -From a6ea665300919d6a3af22b1f4237203647fda93a Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Tue, 17 Oct 2017 00:01:11 +0300
> -Subject: [PATCH] Additional consistentcy checks for PTK component lengths
> -
> -Verify that TK, KCK, and KEK lengths are set to consistent values within
> -struct wpa_ptk before using them in supplicant. This is an additional
> -layer of protection against unexpected states.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - src/common/wpa_common.c |  6 ++++++
> - src/rsn_supp/wpa.c      | 26 ++++++++++++++++++++------
> - 2 files changed, 26 insertions(+), 6 deletions(-)
> -
> ---- a/src/common/wpa_common.c
> -+++ b/src/common/wpa_common.c
> -@@ -100,6 +100,12 @@ int wpa_eapol_key_mic(const u8 *key, siz
> - {
> - 	u8 hash[SHA512_MAC_LEN];
> - 
> -+	if (key_len == 0) {
> -+		wpa_printf(MSG_DEBUG,
> -+			   "WPA: KCK not set - cannot calculate MIC");
> -+		return -1;
> -+	}
> -+
> - 	switch (ver) {
> - #ifndef CONFIG_FIPS
> - 	case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -725,6 +725,11 @@ static int wpa_supplicant_install_ptk(st
> - 
> - 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
> - 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
> -+	if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
> -+		wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
> -+			   keylen, (long unsigned int) sm->ptk.tk_len);
> -+		return -1;
> -+	}
> - 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
> - 
> - 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
> -@@ -745,6 +750,7 @@ static int wpa_supplicant_install_ptk(st
> - 
> - 	/* TK is not needed anymore in supplicant */
> - 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> -+	sm->ptk.tk_len = 0;
> - 	sm->ptk.installed = 1;
> - 
> - 	if (sm->wpa_ptk_rekey) {
> -@@ -1717,9 +1723,10 @@ static int wpa_supplicant_verify_eapol_k
> - 	os_memcpy(mic, key + 1, mic_len);
> - 	if (sm->tptk_set) {
> - 		os_memset(key + 1, 0, mic_len);
> --		wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
> --				  ver, buf, len, (u8 *) (key + 1));
> --		if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
> -+		if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
> -+				      sm->key_mgmt,
> -+				      ver, buf, len, (u8 *) (key + 1)) < 0 ||
> -+		    os_memcmp_const(mic, key + 1, mic_len) != 0) {
> - 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> - 				"WPA: Invalid EAPOL-Key MIC "
> - 				"when using TPTK - ignoring TPTK");
> -@@ -1742,9 +1749,10 @@ static int wpa_supplicant_verify_eapol_k
> - 
> - 	if (!ok && sm->ptk_set) {
> - 		os_memset(key + 1, 0, mic_len);
> --		wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
> --				  ver, buf, len, (u8 *) (key + 1));
> --		if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
> -+		if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
> -+				      sm->key_mgmt,
> -+				      ver, buf, len, (u8 *) (key + 1)) < 0 ||
> -+		    os_memcmp_const(mic, key + 1, mic_len) != 0) {
> - 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> - 				"WPA: Invalid EAPOL-Key MIC - "
> - 				"dropping packet");
> -@@ -4167,6 +4175,11 @@ int fils_process_assoc_resp(struct wpa_s
> - 
> - 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
> - 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
> -+	if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
> -+		wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
> -+			   keylen, (long unsigned int) sm->ptk.tk_len);
> -+		goto fail;
> -+	}
> - 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
> - 	wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
> - 			sm->ptk.tk, keylen);
> -@@ -4183,6 +4196,7 @@ int fils_process_assoc_resp(struct wpa_s
> - 	 * takes care of association frame encryption/decryption. */
> - 	/* TK is not needed anymore in supplicant */
> - 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> -+	sm->ptk.tk_len = 0;
> - 	sm->ptk.installed = 1;
> - 
> - 	/* FILS HLP Container */
> diff --git a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch b/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
> deleted file mode 100644
> index 808d34586b..0000000000
> --- a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -From c0fe5f125a9d4a6564e1f4956ccc3809bf2fd69d Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <j at w1.fi>
> -Date: Tue, 17 Oct 2017 01:15:24 +0300
> -Subject: [PATCH] Clear BSSID information in supplicant state machine on
> - disconnection
> -
> -This fixes a corner case where RSN pre-authentication candidate from
> -scan results was ignored if the station was associated with that BSS
> -just before running the new scan for the connection.
> -
> -Signed-off-by: Jouni Malinen <j at w1.fi>
> ----
> - src/rsn_supp/wpa.c | 1 +
> - 1 file changed, 1 insertion(+)
> -
> ---- a/src/rsn_supp/wpa.c
> -+++ b/src/rsn_supp/wpa.c
> -@@ -2662,6 +2662,7 @@ void wpa_sm_notify_disassoc(struct wpa_s
> - 	wpa_sm_drop_sa(sm);
> - 
> - 	sm->msg_3_of_4_ok = 0;
> -+	os_memset(sm->bssid, 0, ETH_ALEN);
> - }
> - 
> - 
> diff --git a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch b/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
> deleted file mode 100644
> index 13426e4db1..0000000000
> --- a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -From 114f2830d2c2aee6db23d48240e93415a256a37c Mon Sep 17 00:00:00 2001
> -From: Jouni Malinen <jouni at qca.qualcomm.com>
> -Date: Fri, 20 Oct 2017 17:39:42 +0300
> -Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case
> -
> -The hostapd wnm_sleep_mode parameter was previously used to control
> -advertisement of WNM-Sleep Mode support, but it was not used when
> -processing a request to use WNM-Sleep Mode. Add an explicit check during
> -request processing as well so that any misbehaving station is ignored.
> -
> -Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
> ----
> - src/ap/wnm_ap.c | 7 +++++++
> - 1 file changed, 7 insertions(+)
> -
> -diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
> -index 7c4fde0..973e4d3 100644
> ---- a/src/ap/wnm_ap.c
> -+++ b/src/ap/wnm_ap.c
> -@@ -200,6 +200,13 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
> - 	u8 *tfsreq_ie_end = NULL;
> - 	u16 tfsreq_ie_len = 0;
> - 
> -+	if (!hapd->conf->wnm_sleep_mode) {
> -+		wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
> -+			   MACSTR " since WNM-Sleep Mode is disabled",
> -+			   MAC2STR(addr));
> -+		return;
> -+	}
> -+
> - 	dialog_token = *pos++;
> - 	while (pos + 1 < frm + len) {
> - 		u8 ie_len = pos[1];
> --- 
> -2.1.4
> diff --git a/package/network/services/hostapd/patches/110-no_eapol_fix.patch b/package/network/services/hostapd/patches/110-no_eapol_fix.patch
> index 3a48a7a95f..b8e057e2fa 100644
> --- a/package/network/services/hostapd/patches/110-no_eapol_fix.patch
> +++ b/package/network/services/hostapd/patches/110-no_eapol_fix.patch
> @@ -1,6 +1,6 @@
>  --- a/wpa_supplicant/wpa_supplicant.c
>  +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -265,9 +265,10 @@ void wpa_supplicant_cancel_auth_timeout(
> +@@ -272,9 +272,10 @@ void wpa_supplicant_cancel_auth_timeout(
>    */
>   void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
>   {
> diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch
> index 0d289d53a3..70b2aaea7f 100644
> --- a/package/network/services/hostapd/patches/200-multicall.patch
> +++ b/package/network/services/hostapd/patches/200-multicall.patch
> @@ -36,7 +36,7 @@
>   LIBS += $(DRV_AP_LIBS)
>   
>   ifdef CONFIG_L2_PACKET
> -@@ -1204,6 +1210,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
> +@@ -1270,6 +1276,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
>   
>   BCHECK=../src/drivers/build.hostapd
>   
> @@ -49,7 +49,7 @@
>   hostapd: $(BCHECK) $(OBJS)
>   	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
>   	@$(E) "  LD " $@
> -@@ -1248,6 +1260,12 @@ ifeq ($(CONFIG_TLS), linux)
> +@@ -1315,6 +1327,12 @@ ifeq ($(CONFIG_TLS), linux)
>   HOBJS += ../src/crypto/crypto_linux.o
>   endif
>   
> @@ -72,7 +72,7 @@
>   
>   ifndef CONFIG_NO_GITVER
>   # Add VERSION_STR postfix for builds from a git repository
> -@@ -357,7 +358,9 @@ endif
> +@@ -358,7 +359,9 @@ endif
>   ifdef CONFIG_IBSS_RSN
>   NEED_RSN_AUTHENTICATOR=y
>   CFLAGS += -DCONFIG_IBSS_RSN
> @@ -82,7 +82,7 @@
>   OBJS += ibss_rsn.o
>   endif
>   
> -@@ -861,6 +864,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
> +@@ -866,6 +869,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
>   CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
>   LIBS += -ldl -rdynamic
>   endif
> @@ -93,7 +93,7 @@
>   endif
>   
>   ifdef CONFIG_AP
> -@@ -868,9 +875,11 @@ NEED_EAP_COMMON=y
> +@@ -873,9 +880,11 @@ NEED_EAP_COMMON=y
>   NEED_RSN_AUTHENTICATOR=y
>   CFLAGS += -DCONFIG_AP
>   OBJS += ap.o
> @@ -105,7 +105,7 @@
>   OBJS += ../src/ap/hostapd.o
>   OBJS += ../src/ap/wpa_auth_glue.o
>   OBJS += ../src/ap/utils.o
> -@@ -952,6 +961,12 @@ endif
> +@@ -957,6 +966,12 @@ endif
>   ifdef CONFIG_HS20
>   OBJS += ../src/ap/hs20.o
>   endif
> @@ -118,7 +118,7 @@
>   endif
>   
>   ifdef CONFIG_MBO
> -@@ -960,7 +975,9 @@ CFLAGS += -DCONFIG_MBO
> +@@ -965,7 +980,9 @@ CFLAGS += -DCONFIG_MBO
>   endif
>   
>   ifdef NEED_RSN_AUTHENTICATOR
> @@ -128,7 +128,7 @@
>   NEED_AES_WRAP=y
>   OBJS += ../src/ap/wpa_auth.o
>   OBJS += ../src/ap/wpa_auth_ie.o
> -@@ -1835,6 +1852,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
> +@@ -1895,6 +1912,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
>   
>   $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
>   
> @@ -141,7 +141,7 @@
>   wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
>   	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
>   	@$(E) "  LD " $@
> -@@ -1937,6 +1960,12 @@ endif
> +@@ -1997,6 +2020,12 @@ endif
>   		-e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
>   	@$(E) "  sed" $<
>   
> @@ -156,7 +156,7 @@
>   wpa_cli.exe: wpa_cli
>  --- a/src/drivers/driver.h
>  +++ b/src/drivers/driver.h
> -@@ -5317,8 +5317,8 @@ union wpa_event_data {
> +@@ -5385,8 +5385,8 @@ union wpa_event_data {
>    * Driver wrapper code should call this function whenever an event is received
>    * from the driver.
>    */
> @@ -167,7 +167,7 @@
>   
>   /**
>    * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
> -@@ -5330,7 +5330,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -5398,7 +5398,7 @@ void wpa_supplicant_event(void *ctx, enu
>    * Same as wpa_supplicant_event(), but we search for the interface in
>    * wpa_global.
>    */
> @@ -178,7 +178,7 @@
>   /*
>  --- a/src/ap/drv_callbacks.c
>  +++ b/src/ap/drv_callbacks.c
> -@@ -1375,8 +1375,8 @@ static void hostapd_event_dfs_cac_starte
> +@@ -1406,8 +1406,8 @@ static void hostapd_event_dfs_cac_starte
>   #endif /* NEED_AP_MLME */
>   
>   
> @@ -189,7 +189,7 @@
>   {
>   	struct hostapd_data *hapd = ctx;
>   #ifndef CONFIG_NO_STDOUT_DEBUG
> -@@ -1590,7 +1590,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -1621,7 +1621,7 @@ void wpa_supplicant_event(void *ctx, enu
>   }
>   
>   
> @@ -211,7 +211,7 @@
>   {
>   	struct wpa_priv_interface *iface = ctx;
>   
> -@@ -1101,7 +1101,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -1095,7 +1095,7 @@ void wpa_supplicant_event(void *ctx, enu
>   }
>   
>   
> @@ -220,7 +220,7 @@
>   				 union wpa_event_data *data)
>   {
>   	struct wpa_priv_global *global = ctx;
> -@@ -1213,6 +1213,8 @@ int main(int argc, char *argv[])
> +@@ -1207,6 +1207,8 @@ int main(int argc, char *argv[])
>   	if (os_program_init())
>   		return -1;
>   
> @@ -231,7 +231,7 @@
>   	os_memset(&global, 0, sizeof(global));
>  --- a/wpa_supplicant/events.c
>  +++ b/wpa_supplicant/events.c
> -@@ -3709,8 +3709,8 @@ static void wpa_supplicant_event_assoc_a
> +@@ -3812,8 +3812,8 @@ static void wpa_supplicant_event_assoc_a
>   }
>   
>   
> @@ -242,7 +242,7 @@
>   {
>   	struct wpa_supplicant *wpa_s = ctx;
>   	int resched;
> -@@ -4466,7 +4466,7 @@ void wpa_supplicant_event(void *ctx, enu
> +@@ -4616,7 +4616,7 @@ void wpa_supplicant_event(void *ctx, enu
>   }
>   
>   
> @@ -253,7 +253,7 @@
>   	struct wpa_supplicant *wpa_s;
>  --- a/wpa_supplicant/wpa_supplicant.c
>  +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -5457,7 +5457,6 @@ struct wpa_interface * wpa_supplicant_ma
> +@@ -5678,7 +5678,6 @@ struct wpa_interface * wpa_supplicant_ma
>   	return NULL;
>   }
>   
> @@ -261,7 +261,7 @@
>   /**
>    * wpa_supplicant_match_existing - Match existing interfaces
>    * @global: Pointer to global data from wpa_supplicant_init()
> -@@ -5494,6 +5493,11 @@ static int wpa_supplicant_match_existing
> +@@ -5715,6 +5714,11 @@ static int wpa_supplicant_match_existing
>   
>   #endif /* CONFIG_MATCH_IFACE */
>   
> @@ -273,7 +273,7 @@
>   
>   /**
>    * wpa_supplicant_add_iface - Add a new network interface
> -@@ -5750,6 +5754,8 @@ struct wpa_global * wpa_supplicant_init(
> +@@ -5971,6 +5975,8 @@ struct wpa_global * wpa_supplicant_init(
>   #ifndef CONFIG_NO_WPA_MSG
>   	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
>   #endif /* CONFIG_NO_WPA_MSG */
> @@ -284,7 +284,7 @@
>   		wpa_debug_open_file(params->wpa_debug_file_path);
>  --- a/hostapd/main.c
>  +++ b/hostapd/main.c
> -@@ -590,6 +590,11 @@ fail:
> +@@ -591,6 +591,11 @@ fail:
>   	return -1;
>   }
>   
> @@ -296,9 +296,9 @@
>   
>   #ifdef CONFIG_WPS
>   static int gen_uuid(const char *txt_addr)
> -@@ -670,6 +675,8 @@ int main(int argc, char *argv[])
> - 	dl_list_init(&interfaces.eth_p_oui);
> - #endif /* CONFIG_ETH_P_OUI */
> +@@ -674,6 +679,8 @@ int main(int argc, char *argv[])
> + 	hostapd_dpp_init_global(&interfaces);
> + #endif /* CONFIG_DPP */
>   
>  +	wpa_supplicant_event = hostapd_wpa_event;
>  +	wpa_supplicant_event_global = hostapd_wpa_event_global;
> diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch
> index c8ca3694c0..d07fe9bb84 100644
> --- a/package/network/services/hostapd/patches/300-noscan.patch
> +++ b/package/network/services/hostapd/patches/300-noscan.patch
> @@ -1,6 +1,6 @@
>  --- a/hostapd/config_file.c
>  +++ b/hostapd/config_file.c
> -@@ -3016,6 +3016,10 @@ static int hostapd_config_fill(struct ho
> +@@ -3086,6 +3086,10 @@ static int hostapd_config_fill(struct ho
>   		}
>   #endif /* CONFIG_IEEE80211W */
>   #ifdef CONFIG_IEEE80211N
> @@ -13,7 +13,7 @@
>   	} else if (os_strcmp(buf, "ht_capab") == 0) {
>  --- a/src/ap/ap_config.h
>  +++ b/src/ap/ap_config.h
> -@@ -735,6 +735,8 @@ struct hostapd_config {
> +@@ -750,6 +750,8 @@ struct hostapd_config {
>   
>   	int ht_op_mode_fixed;
>   	u16 ht_capab;
> diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch
> index 6846db2750..552fd182e4 100644
> --- a/package/network/services/hostapd/patches/310-rescan_immediately.patch
> +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch
> @@ -1,6 +1,6 @@
>  --- a/wpa_supplicant/wpa_supplicant.c
>  +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -3927,7 +3927,7 @@ wpa_supplicant_alloc(struct wpa_supplica
> +@@ -4126,7 +4126,7 @@ wpa_supplicant_alloc(struct wpa_supplica
>   	if (wpa_s == NULL)
>   		return NULL;
>   	wpa_s->scan_req = INITIAL_SCAN_REQ;
> diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
> index 3bc916b6b8..272d4f9240 100644
> --- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
> +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
> @@ -1,6 +1,6 @@
>  --- a/src/drivers/driver_nl80211.c
>  +++ b/src/drivers/driver_nl80211.c
> -@@ -4152,7 +4152,7 @@ static int nl80211_set_channel(struct i8
> +@@ -4231,7 +4231,7 @@ static int nl80211_set_channel(struct i8
>   		   freq->freq, freq->ht_enabled, freq->vht_enabled,
>   		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
>   
> diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
> index 92e6ae9ae0..ca3d61e890 100644
> --- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
> +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
> @@ -1,6 +1,6 @@
>  --- a/src/drivers/driver_nl80211.c
>  +++ b/src/drivers/driver_nl80211.c
> -@@ -2536,10 +2536,15 @@ static int wpa_driver_nl80211_del_beacon
> +@@ -2563,10 +2563,15 @@ static int wpa_driver_nl80211_del_beacon
>   	struct nl_msg *msg;
>   	struct wpa_driver_nl80211_data *drv = bss->drv;
>   
> @@ -18,7 +18,7 @@
>   	return send_and_recv_msgs(drv, msg, NULL, NULL);
>   }
>   
> -@@ -4753,7 +4758,7 @@ static void nl80211_teardown_ap(struct i
> +@@ -4832,7 +4837,7 @@ static void nl80211_teardown_ap(struct i
>   		nl80211_mgmt_unsubscribe(bss, "AP teardown");
>   
>   	nl80211_put_wiphy_data_ap(bss);
> @@ -27,7 +27,7 @@
>   }
>   
>   
> -@@ -6853,8 +6858,6 @@ static int wpa_driver_nl80211_if_remove(
> +@@ -7031,8 +7036,6 @@ static int wpa_driver_nl80211_if_remove(
>   	} else {
>   		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
>   		nl80211_teardown_ap(bss);
> @@ -36,7 +36,7 @@
>   		nl80211_destroy_bss(bss);
>   		if (!bss->added_if)
>   			i802_set_iface_flags(bss, 0);
> -@@ -7225,7 +7228,6 @@ static int wpa_driver_nl80211_deinit_ap(
> +@@ -7403,7 +7406,6 @@ static int wpa_driver_nl80211_deinit_ap(
>   	if (!is_ap_interface(drv->nlmode))
>   		return -1;
>   	wpa_driver_nl80211_del_beacon(bss);
> @@ -44,7 +44,7 @@
>   
>   	/*
>   	 * If the P2P GO interface was dynamically added, then it is
> -@@ -7245,7 +7247,6 @@ static int wpa_driver_nl80211_stop_ap(vo
> +@@ -7423,7 +7425,6 @@ static int wpa_driver_nl80211_stop_ap(vo
>   	if (!is_ap_interface(drv->nlmode))
>   		return -1;
>   	wpa_driver_nl80211_del_beacon(bss);
> diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
> index 043ddbf889..f174f8fe7f 100644
> --- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
> +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
> @@ -1,6 +1,6 @@
>  --- a/hostapd/ctrl_iface.c
>  +++ b/hostapd/ctrl_iface.c
> -@@ -56,6 +56,7 @@
> +@@ -60,6 +60,7 @@
>   #include "fst/fst_ctrl_iface.h"
>   #include "config_file.h"
>   #include "ctrl_iface.h"
> @@ -8,7 +8,7 @@
>   
>   
>   #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
> -@@ -74,6 +75,7 @@ static void hostapd_ctrl_iface_send(stru
> +@@ -78,6 +79,7 @@ static void hostapd_ctrl_iface_send(stru
>   				    enum wpa_msg_type type,
>   				    const char *buf, size_t len);
>   
> @@ -16,7 +16,7 @@
>   
>   static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
>   				     struct sockaddr_storage *from,
> -@@ -125,6 +127,61 @@ static int hostapd_ctrl_iface_new_sta(st
> +@@ -129,6 +131,61 @@ static int hostapd_ctrl_iface_new_sta(st
>   	return 0;
>   }
>   
> @@ -78,7 +78,7 @@
>   
>   #ifdef CONFIG_IEEE80211W
>   #ifdef NEED_AP_MLME
> -@@ -2607,6 +2664,8 @@ static int hostapd_ctrl_iface_receive_pr
> +@@ -3024,6 +3081,8 @@ static int hostapd_ctrl_iface_receive_pr
>   	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
>   		reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
>   						      reply_size);
> @@ -89,7 +89,7 @@
>   #ifdef RADIUS_SERVER
>  --- a/src/ap/ctrl_iface_ap.c
>  +++ b/src/ap/ctrl_iface_ap.c
> -@@ -624,7 +624,13 @@ int hostapd_parse_csa_settings(const cha
> +@@ -850,7 +850,13 @@ int hostapd_parse_csa_settings(const cha
>   
>   int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
>   {
> diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch
> index a37b193b6b..91731d34c0 100644
> --- a/package/network/services/hostapd/patches/370-ap_sta_support.patch
> +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch
> @@ -12,7 +12,7 @@
>   	 * bridge_ifname - Optional bridge interface name
>   	 *
>   	 * If the driver interface (ifname) is included in a Linux bridge
> -@@ -512,6 +517,8 @@ struct wpa_supplicant {
> +@@ -513,6 +518,8 @@ struct wpa_supplicant {
>   #endif /* CONFIG_CTRL_IFACE_BINDER */
>   	char bridge_ifname[16];
>   
> @@ -45,8 +45,8 @@
>   CONFIG_OS=win32
>  --- a/wpa_supplicant/wpa_supplicant.c
>  +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -118,6 +118,55 @@ const char *const wpa_supplicant_full_li
> - static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
> +@@ -125,6 +125,55 @@ static void wpas_update_fils_connect_par
> + #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
>   
>   
>  +static int hostapd_stop(struct wpa_supplicant *wpa_s)
> @@ -101,12 +101,16 @@
>   /* Configure default/group WEP keys for static WEP */
>   int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
>   {
> -@@ -883,8 +932,12 @@ void wpa_supplicant_set_state(struct wpa
> - 		wpas_p2p_completed(wpa_s);
> +@@ -893,12 +942,16 @@ void wpa_supplicant_set_state(struct wpa
>   
>   		sme_sched_obss_scan(wpa_s, 1);
> + 
>  +		if (wpa_s->hostapd)
>  +			hostapd_reload(wpa_s, wpa_s->current_bss);
> + #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
> + 		if (!fils_hlp_sent && ssid && ssid->eap.erp)
> + 			wpas_update_fils_connect_params(wpa_s);
> + #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
>   	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
>   		   state == WPA_ASSOCIATED) {
>  +		if (wpa_s->hostapd)
> @@ -114,7 +118,7 @@
>   		wpa_s->new_connection = 1;
>   		wpa_drv_set_operstate(wpa_s, 0);
>   #ifndef IEEE8021X_EAPOL
> -@@ -5080,6 +5133,20 @@ static int wpa_supplicant_init_iface(str
> +@@ -5301,6 +5354,20 @@ static int wpa_supplicant_init_iface(str
>   			   sizeof(wpa_s->bridge_ifname));
>   	}
>   
> @@ -135,7 +139,7 @@
>   	/* RSNA Supplicant Key Management - INITIALIZE */
>   	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
>   	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
> -@@ -5404,6 +5471,11 @@ static void wpa_supplicant_deinit_iface(
> +@@ -5625,6 +5692,11 @@ static void wpa_supplicant_deinit_iface(
>   	if (terminate)
>   		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
>   
> diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
> index e977f00a25..6dfe26cb4e 100644
> --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
> +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
> @@ -12,7 +12,7 @@
>   else
>  --- a/hostapd/ctrl_iface.c
>  +++ b/hostapd/ctrl_iface.c
> -@@ -2458,6 +2458,7 @@ static int hostapd_ctrl_iface_receive_pr
> +@@ -2850,6 +2850,7 @@ static int hostapd_ctrl_iface_receive_pr
>   						      reply_size);
>   	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
>   		reply_len = hostapd_drv_status(hapd, reply, reply_size);
> @@ -20,17 +20,17 @@
>   	} else if (os_strcmp(buf, "MIB") == 0) {
>   		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
>   		if (reply_len >= 0) {
> -@@ -2499,6 +2500,7 @@ static int hostapd_ctrl_iface_receive_pr
> +@@ -2891,6 +2892,7 @@ static int hostapd_ctrl_iface_receive_pr
>   	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
>   		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
>   							reply_size);
>  +#endif
>   	} else if (os_strcmp(buf, "ATTACH") == 0) {
> - 		if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
> + 		if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
>   			reply_len = -1;
>  --- a/wpa_supplicant/Makefile
>  +++ b/wpa_supplicant/Makefile
> -@@ -926,6 +926,9 @@ ifdef CONFIG_FILS
> +@@ -931,6 +931,9 @@ ifdef CONFIG_FILS
>   OBJS += ../src/ap/fils_hlp.o
>   endif
>   ifdef CONFIG_CTRL_IFACE
> @@ -42,7 +42,7 @@
>   
>  --- a/wpa_supplicant/ctrl_iface.c
>  +++ b/wpa_supplicant/ctrl_iface.c
> -@@ -2070,7 +2070,7 @@ static int wpa_supplicant_ctrl_iface_sta
> +@@ -2130,7 +2130,7 @@ static int wpa_supplicant_ctrl_iface_sta
>   			pos += ret;
>   		}
>   
> @@ -51,7 +51,7 @@
>   		if (wpa_s->ap_iface) {
>   			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
>   							    end - pos,
> -@@ -9631,6 +9631,7 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -9831,6 +9831,7 @@ char * wpa_supplicant_ctrl_iface_process
>   			reply_len = -1;
>   	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
>   		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
> @@ -59,7 +59,7 @@
>   	} else if (os_strcmp(buf, "MIB") == 0) {
>   		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
>   		if (reply_len >= 0) {
> -@@ -9638,6 +9639,7 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -9838,6 +9839,7 @@ char * wpa_supplicant_ctrl_iface_process
>   						      reply + reply_len,
>   						      reply_size - reply_len);
>   		}
> @@ -67,7 +67,7 @@
>   	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
>   		reply_len = wpa_supplicant_ctrl_iface_status(
>   			wpa_s, buf + 6, reply, reply_size);
> -@@ -10124,6 +10126,7 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -10319,6 +10321,7 @@ char * wpa_supplicant_ctrl_iface_process
>   		reply_len = wpa_supplicant_ctrl_iface_bss(
>   			wpa_s, buf + 4, reply, reply_size);
>   #ifdef CONFIG_AP
> @@ -75,7 +75,7 @@
>   	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
>   		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
>   	} else if (os_strncmp(buf, "STA ", 4) == 0) {
> -@@ -10132,12 +10135,15 @@ char * wpa_supplicant_ctrl_iface_process
> +@@ -10327,12 +10330,15 @@ char * wpa_supplicant_ctrl_iface_process
>   	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
>   		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
>   						   reply_size);
> @@ -99,9 +99,9 @@
>   
>  +#ifdef CONFIG_CTRL_IFACE_MIB
>   
> - static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
> - 				 struct sta_info *sta,
> -@@ -250,6 +251,7 @@ int hostapd_ctrl_iface_sta_next(struct h
> + static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
> + 					   size_t curr_len, const u8 *mcs_set)
> +@@ -401,6 +402,7 @@ int hostapd_ctrl_iface_sta_next(struct h
>   	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
>   }
>   
> @@ -109,9 +109,24 @@
>   
>   #ifdef CONFIG_P2P_MANAGER
>   static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
> +@@ -739,12 +741,12 @@ int hostapd_ctrl_iface_status(struct hos
> + 			return len;
> + 		len += ret;
> + 	}
> +-
> ++#ifdef CONFIG_CTRL_IFACE_MIB
> + 	if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
> + 		len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
> + 						   mode->mcs_set);
> + 	}
> +-
> ++#endif /* CONFIG_CTRL_IFACE_MIB */
> + 	if (iface->current_rates && iface->num_rates) {
> + 		ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
> + 		if (os_snprintf_error(buflen - len, ret))
>  --- a/src/ap/ieee802_1x.c
>  +++ b/src/ap/ieee802_1x.c
> -@@ -2492,6 +2492,7 @@ static const char * bool_txt(Boolean val
> +@@ -2501,6 +2501,7 @@ static const char * bool_txt(Boolean val
>   	return val ? "TRUE" : "FALSE";
>   }
>   
> @@ -119,7 +134,7 @@
>   
>   int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
>   {
> -@@ -2667,6 +2668,7 @@ int ieee802_1x_get_mib_sta(struct hostap
> +@@ -2676,6 +2677,7 @@ int ieee802_1x_get_mib_sta(struct hostap
>   	return len;
>   }
>   
> @@ -129,7 +144,7 @@
>   static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
>  --- a/src/ap/wpa_auth.c
>  +++ b/src/ap/wpa_auth.c
> -@@ -3780,6 +3780,7 @@ static const char * wpa_bool_txt(int val
> +@@ -3785,6 +3785,7 @@ static const char * wpa_bool_txt(int val
>   	return val ? "TRUE" : "FALSE";
>   }
>   
> @@ -137,7 +152,7 @@
>   
>   #define RSN_SUITE "%02x-%02x-%02x-%d"
>   #define RSN_SUITE_ARG(s) \
> -@@ -3924,7 +3925,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
> +@@ -3929,7 +3930,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
>   
>   	return len;
>   }
> @@ -148,7 +163,7 @@
>   {
>  --- a/src/rsn_supp/wpa.c
>  +++ b/src/rsn_supp/wpa.c
> -@@ -2356,6 +2356,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
> +@@ -2306,6 +2306,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
>   }
>   
>   
> @@ -157,7 +172,7 @@
>   #define RSN_SUITE "%02x-%02x-%02x-%d"
>   #define RSN_SUITE_ARG(s) \
>   ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
> -@@ -2439,6 +2441,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
> +@@ -2389,6 +2391,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
>   
>   	return (int) len;
>   }
> @@ -167,7 +182,7 @@
>   
>  --- a/wpa_supplicant/ap.c
>  +++ b/wpa_supplicant/ap.c
> -@@ -1139,7 +1139,7 @@ int wpas_ap_wps_nfc_report_handover(stru
> +@@ -1170,7 +1170,7 @@ int wpas_ap_wps_nfc_report_handover(stru
>   #endif /* CONFIG_WPS */
>   
>   
> diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
> index 8f7a6879ca..a62cb3afcd 100644
> --- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
> +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
> @@ -1,6 +1,6 @@
>  --- a/src/common/wpa_common.c
>  +++ b/src/common/wpa_common.c
> -@@ -1675,6 +1675,31 @@ u32 wpa_akm_to_suite(int akm)
> +@@ -1735,6 +1735,31 @@ u32 wpa_akm_to_suite(int akm)
>   }
>   
>   
> @@ -32,7 +32,7 @@
>   int wpa_compare_rsn_ie(int ft_initial_assoc,
>   		       const u8 *ie1, size_t ie1len,
>   		       const u8 *ie2, size_t ie2len)
> -@@ -1682,8 +1707,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
> +@@ -1742,8 +1767,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
>   	if (ie1 == NULL || ie2 == NULL)
>   		return -1;
>   
> diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
> index c10176371f..ea144f4def 100644
> --- a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
> +++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
> @@ -10,8 +10,8 @@
>   			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
>   		bss->rsn_pairwise = bss->wpa_pairwise;
>   		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
> -@@ -1067,8 +1066,7 @@ int hostapd_init_wps(struct hostapd_data
> - 		if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
> +@@ -1069,8 +1068,7 @@ int hostapd_init_wps(struct hostapd_data
> + 					  WPA_CIPHER_GCMP_256)) {
>   			wps->encr_types |= WPS_ENCR_AES;
>   			wps->encr_types_rsn |= WPS_ENCR_AES;
>  -		}
> diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch
> index 2b529ca3e6..d582c8574c 100644
> --- a/package/network/services/hostapd/patches/420-indicate-features.patch
> +++ b/package/network/services/hostapd/patches/420-indicate-features.patch
> @@ -8,7 +8,7 @@
>   #include "crypto/random.h"
>   #include "crypto/tls.h"
>   #include "common/version.h"
> -@@ -678,7 +679,7 @@ int main(int argc, char *argv[])
> +@@ -682,7 +683,7 @@ int main(int argc, char *argv[])
>   	wpa_supplicant_event = hostapd_wpa_event;
>   	wpa_supplicant_event_global = hostapd_wpa_event_global;
>   	for (;;) {
> @@ -17,7 +17,7 @@
>   		if (c < 0)
>   			break;
>   		switch (c) {
> -@@ -715,6 +716,8 @@ int main(int argc, char *argv[])
> +@@ -719,6 +720,8 @@ int main(int argc, char *argv[])
>   			break;
>   #endif /* CONFIG_DEBUG_LINUX_TRACING */
>   		case 'v':
> diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
> index 32cab7ff62..07b4cc3cb0 100644
> --- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
> +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
> @@ -16,7 +16,7 @@
>   
>   
>   static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
> -@@ -1476,7 +1474,6 @@ static const struct hostapd_cli_cmd host
> +@@ -1504,7 +1502,6 @@ static const struct hostapd_cli_cmd host
>   	{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
>   	  "<addr> = send SA Query to a station" },
>   #endif /* CONFIG_IEEE80211W */
> @@ -24,7 +24,7 @@
>   	{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
>   	  "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
>   	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
> -@@ -1501,7 +1498,6 @@ static const struct hostapd_cli_cmd host
> +@@ -1529,7 +1526,6 @@ static const struct hostapd_cli_cmd host
>   	  "<SSID> <auth> <encr> <key> = configure AP" },
>   	{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
>   	  "= show current WPS status" },
> diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch
> index 463a362911..9620ecc520 100644
> --- a/package/network/services/hostapd/patches/450-scan_wait.patch
> +++ b/package/network/services/hostapd/patches/450-scan_wait.patch
> @@ -1,6 +1,6 @@
>  --- a/hostapd/main.c
>  +++ b/hostapd/main.c
> -@@ -37,6 +37,8 @@ struct hapd_global {
> +@@ -38,6 +38,8 @@ struct hapd_global {
>   };
>   
>   static struct hapd_global global;
> @@ -9,7 +9,7 @@
>   
>   
>   #ifndef CONFIG_NO_HOSTAPD_LOGGER
> -@@ -147,6 +149,14 @@ static void hostapd_logger_cb(void *ctx,
> +@@ -148,6 +150,14 @@ static void hostapd_logger_cb(void *ctx,
>   }
>   #endif /* CONFIG_NO_HOSTAPD_LOGGER */
>   
> @@ -24,7 +24,7 @@
>   
>   /**
>    * hostapd_driver_init - Preparate driver interface
> -@@ -165,6 +175,8 @@ static int hostapd_driver_init(struct ho
> +@@ -166,6 +176,8 @@ static int hostapd_driver_init(struct ho
>   		return -1;
>   	}
>   
> @@ -33,7 +33,7 @@
>   	/* Initialize the driver interface */
>   	if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
>   		b = NULL;
> -@@ -405,8 +417,6 @@ static void hostapd_global_deinit(const
> +@@ -406,8 +418,6 @@ static void hostapd_global_deinit(const
>   #endif /* CONFIG_NATIVE_WINDOWS */
>   
>   	eap_server_unregister_methods();
> @@ -42,7 +42,7 @@
>   }
>   
>   
> -@@ -432,18 +442,6 @@ static int hostapd_global_run(struct hap
> +@@ -433,18 +443,6 @@ static int hostapd_global_run(struct hap
>   	}
>   #endif /* EAP_SERVER_TNC */
>   
> @@ -61,7 +61,7 @@
>   	eloop_run();
>   
>   	return 0;
> -@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
> +@@ -646,8 +644,7 @@ int main(int argc, char *argv[])
>   	struct hapd_interfaces interfaces;
>   	int ret = 1;
>   	size_t i, j;
> diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
> index 213ee6d726..9df9239cb4 100644
> --- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
> +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
> @@ -42,8 +42,8 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>   #include "config.h"
>   
>   
> -@@ -1985,6 +1986,97 @@ static char * wpa_config_write_mka_ckn(c
> - #endif /* CONFIG_MACSEC */
> +@@ -2037,6 +2038,97 @@ static char * wpa_config_write_peerkey(c
> + #endif /* NO_CONFIG_WRITE */
>   
>   
>  +static int wpa_config_parse_mcast_rate(const struct parse_data *data,
> @@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>   /* Helper macros for network block parser */
>   
>   #ifdef OFFSET
> -@@ -2224,6 +2316,8 @@ static const struct parse_data ssid_fiel
> +@@ -2279,6 +2371,8 @@ static const struct parse_data ssid_fiel
>   	{ INT(ap_max_inactivity) },
>   	{ INT(dtim_period) },
>   	{ INT(beacon_int) },
> @@ -162,7 +162,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>   
>   
>   #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
> -@@ -735,6 +737,9 @@ struct wpa_ssid {
> +@@ -743,6 +745,9 @@ struct wpa_ssid {
>   	 */
>   	void *parent_cred;
>   
> @@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>   	 * macsec_policy - Determines the policy for MACsec secure session
>  --- a/wpa_supplicant/wpa_supplicant.c
>  +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -2781,6 +2781,12 @@ static void wpas_start_assoc_cb(struct w
> +@@ -2942,6 +2942,12 @@ static void wpas_start_assoc_cb(struct w
>   			params.beacon_int = ssid->beacon_int;
>   		else
>   			params.beacon_int = wpa_s->conf->beacon_int;
> @@ -186,4 +186,4 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>  +		params.mcast_rate = ssid->mcast_rate;
>   	}
>   
> - 	params.wpa_ie = wpa_ie;
> + 	params.pairwise_suite = cipher_pairwise;
> diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
> index 11822366de..bf9020e2b6 100644
> --- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
> +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
> @@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>  
>  --- a/src/drivers/driver_nl80211.c
>  +++ b/src/drivers/driver_nl80211.c
> -@@ -5012,7 +5012,7 @@ static int wpa_driver_nl80211_ibss(struc
> +@@ -5091,7 +5091,7 @@ static int wpa_driver_nl80211_ibss(struc
>   				   struct wpa_driver_associate_params *params)
>   {
>   	struct nl_msg *msg;
> @@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
>   	int count = 0;
>   
>   	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
> -@@ -5039,6 +5039,37 @@ retry:
> +@@ -5118,6 +5118,37 @@ retry:
>   	    nl80211_put_beacon_int(msg, params->beacon_int))
>   		goto fail;
>   
> diff --git a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
> index 9b5ee4bbb3..80433b93be 100644
> --- a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
> +++ b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
> @@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
>  
>  --- a/src/drivers/driver.h
>  +++ b/src/drivers/driver.h
> -@@ -1424,6 +1424,7 @@ struct wpa_driver_mesh_join_params {
> +@@ -1394,6 +1394,7 @@ struct wpa_driver_mesh_join_params {
>   #define WPA_DRIVER_MESH_FLAG_SAE_AUTH	0x00000004
>   #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
>   	unsigned int flags;
> @@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
>   /**
>  --- a/src/drivers/driver_nl80211.c
>  +++ b/src/drivers/driver_nl80211.c
> -@@ -8981,6 +8981,18 @@ static int nl80211_put_mesh_id(struct nl
> +@@ -9204,6 +9204,18 @@ static int nl80211_put_mesh_id(struct nl
>   }
>   
>   
> @@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
>   static int nl80211_put_mesh_config(struct nl_msg *msg,
>   				   struct wpa_driver_mesh_bss_params *params)
>   {
> -@@ -9039,6 +9051,7 @@ static int nl80211_join_mesh(struct i802
> +@@ -9262,6 +9274,7 @@ static int nl80211_join_mesh(struct i802
>   	    nl80211_put_basic_rates(msg, params->basic_rates) ||
>   	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
>   	    nl80211_put_beacon_int(msg, params->beacon_int) ||
> diff --git a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
> index 3833539489..4f8ea499c0 100644
> --- a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
> +++ b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
> @@ -1,6 +1,6 @@
>  --- a/wpa_supplicant/wpa_supplicant.c
>  +++ b/wpa_supplicant/wpa_supplicant.c
> -@@ -2010,11 +2010,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
> +@@ -2081,11 +2081,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
>   	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
>   		struct wpa_bss *bss = wpa_s->last_scan_res[j];
>   
> diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
> index acdc668a7b..6a0a89ece4 100644
> --- a/package/network/services/hostapd/patches/600-ubus_support.patch
> +++ b/package/network/services/hostapd/patches/600-ubus_support.patch
> @@ -22,7 +22,7 @@
>   
>   struct wpa_ctrl_dst;
>   struct radius_server_data;
> -@@ -122,6 +123,7 @@ struct hostapd_data {
> +@@ -129,6 +130,7 @@ struct hostapd_data {
>   	struct hostapd_iface *iface;
>   	struct hostapd_config *iconf;
>   	struct hostapd_bss_config *conf;
> @@ -30,7 +30,7 @@
>   	int interface_added; /* virtual interface added for this BSS */
>   	unsigned int started:1;
>   	unsigned int disabled:1;
> -@@ -370,6 +372,8 @@ struct hostapd_iface {
> +@@ -392,6 +394,8 @@ struct hostapd_iface {
>   	struct hostapd_config *conf;
>   	char phy[16]; /* Name of the PHY (radio) */
>   
> @@ -39,7 +39,7 @@
>   	enum hostapd_iface_state {
>   		HAPD_IFACE_UNINITIALIZED,
>   		HAPD_IFACE_DISABLED,
> -@@ -518,6 +522,7 @@ hostapd_alloc_bss_data(struct hostapd_if
> +@@ -544,6 +548,7 @@ hostapd_alloc_bss_data(struct hostapd_if
>   		       struct hostapd_bss_config *bss);
>   int hostapd_setup_interface(struct hostapd_iface *iface);
>   int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
> @@ -75,7 +75,7 @@
>   {
>   #ifdef NEED_AP_MLME
>   	u16 capab = hostapd_own_capab_info(hapd);
> -@@ -1711,6 +1714,7 @@ static int hostapd_setup_interface_compl
> +@@ -1807,6 +1810,7 @@ static int hostapd_setup_interface_compl
>   	if (err)
>   		goto fail;
>   
> @@ -83,7 +83,7 @@
>   	wpa_printf(MSG_DEBUG, "Completing interface initialization");
>   	if (iface->conf->channel) {
>   #ifdef NEED_AP_MLME
> -@@ -1890,6 +1894,7 @@ dfs_offload:
> +@@ -1987,6 +1991,7 @@ dfs_offload:
>   
>   fail:
>   	wpa_printf(MSG_ERROR, "Interface initialization failed");
> @@ -91,7 +91,7 @@
>   	hostapd_set_state(iface, HAPD_IFACE_DISABLED);
>   	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
>   #ifdef CONFIG_FST
> -@@ -2344,6 +2349,7 @@ void hostapd_interface_deinit_free(struc
> +@@ -2441,6 +2446,7 @@ void hostapd_interface_deinit_free(struc
>   		   (unsigned int) iface->conf->num_bss);
>   	driver = iface->bss[0]->driver;
>   	drv_priv = iface->bss[0]->drv_priv;
> @@ -101,7 +101,7 @@
>   		   __func__, driver, drv_priv);
>  --- a/src/ap/ieee802_11.c
>  +++ b/src/ap/ieee802_11.c
> -@@ -1587,12 +1587,13 @@ ieee802_11_set_radius_info(struct hostap
> +@@ -1662,12 +1662,13 @@ ieee802_11_set_radius_info(struct hostap
>   
>   
>   static void handle_auth(struct hostapd_data *hapd,
> @@ -117,7 +117,7 @@
>   	u16 fc;
>   	const u8 *challenge = NULL;
>   	u32 session_timeout, acct_interim_interval;
> -@@ -1603,6 +1604,11 @@ static void handle_auth(struct hostapd_d
> +@@ -1678,6 +1679,11 @@ static void handle_auth(struct hostapd_d
>   	char *identity = NULL;
>   	char *radius_cui = NULL;
>   	u16 seq_ctrl;
> @@ -129,7 +129,7 @@
>   
>   	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
>   		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
> -@@ -1757,6 +1763,13 @@ static void handle_auth(struct hostapd_d
> +@@ -1836,6 +1842,13 @@ static void handle_auth(struct hostapd_d
>   		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
>   		goto fail;
>   	}
> @@ -143,7 +143,7 @@
>   	if (res == HOSTAPD_ACL_PENDING)
>   		return;
>   
> -@@ -2870,12 +2883,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
> +@@ -3098,12 +3111,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
>   
>   static void handle_assoc(struct hostapd_data *hapd,
>   			 const struct ieee80211_mgmt *mgmt, size_t len,
> @@ -158,7 +158,7 @@
>   	struct sta_info *sta;
>   	u8 *tmp = NULL;
>   	struct hostapd_sta_wpa_psk_short *psk = NULL;
> -@@ -2884,6 +2897,11 @@ static void handle_assoc(struct hostapd_
> +@@ -3112,6 +3125,11 @@ static void handle_assoc(struct hostapd_
>   #ifdef CONFIG_FILS
>   	int delay_assoc = 0;
>   #endif /* CONFIG_FILS */
> @@ -170,7 +170,7 @@
>   
>   	if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
>   				      sizeof(mgmt->u.assoc_req))) {
> -@@ -3051,6 +3069,14 @@ static void handle_assoc(struct hostapd_
> +@@ -3283,6 +3301,14 @@ static void handle_assoc(struct hostapd_
>   	}
>   #endif /* CONFIG_MBO */
>   
> @@ -185,7 +185,7 @@
>   	/*
>   	 * sta->capability is used in check_assoc_ies() for RRM enabled
>   	 * capability element.
> -@@ -3258,6 +3284,7 @@ static void handle_disassoc(struct hosta
> +@@ -3496,6 +3522,7 @@ static void handle_disassoc(struct hosta
>   	wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
>   		   MAC2STR(mgmt->sa),
>   		   le_to_host16(mgmt->u.disassoc.reason_code));
> @@ -193,7 +193,7 @@
>   
>   	sta = ap_get_sta(hapd, mgmt->sa);
>   	if (sta == NULL) {
> -@@ -3323,6 +3350,8 @@ static void handle_deauth(struct hostapd
> +@@ -3561,6 +3588,8 @@ static void handle_deauth(struct hostapd
>   		" reason_code=%d",
>   		MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
>   
> @@ -202,16 +202,16 @@
>   	sta = ap_get_sta(hapd, mgmt->sa);
>   	if (sta == NULL) {
>   		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
> -@@ -3637,7 +3666,7 @@ int ieee802_11_mgmt(struct hostapd_data
> +@@ -3883,7 +3912,7 @@ int ieee802_11_mgmt(struct hostapd_data
>   
>   
>   	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
> --		handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
> +-		handle_probe_req(hapd, mgmt, len, ssi_signal);
>  +		handle_probe_req(hapd, mgmt, len, fi);
>   		return 1;
>   	}
>   
> -@@ -3657,17 +3686,17 @@ int ieee802_11_mgmt(struct hostapd_data
> +@@ -3903,17 +3932,17 @@ int ieee802_11_mgmt(struct hostapd_data
>   	switch (stype) {
>   	case WLAN_FC_STYPE_AUTH:
>   		wpa_printf(MSG_DEBUG, "mgmt::auth");
> @@ -234,7 +234,7 @@
>   	case WLAN_FC_STYPE_DISASSOC:
>  --- a/src/ap/beacon.c
>  +++ b/src/ap/beacon.c
> -@@ -716,7 +716,7 @@ void sta_track_claim_taxonomy_info(struc
> +@@ -720,7 +720,7 @@ void sta_track_claim_taxonomy_info(struc
>   
>   void handle_probe_req(struct hostapd_data *hapd,
>   		      const struct ieee80211_mgmt *mgmt, size_t len,
> @@ -243,7 +243,7 @@
>   {
>   	u8 *resp;
>   	struct ieee802_11_elems elems;
> -@@ -725,9 +725,15 @@ void handle_probe_req(struct hostapd_dat
> +@@ -729,6 +729,7 @@ void handle_probe_req(struct hostapd_dat
>   	size_t i, resp_len;
>   	int noack;
>   	enum ssid_match_result res;
> @@ -251,6 +251,10 @@
>   	int ret;
>   	u16 csa_offs[2];
>   	size_t csa_offs_len;
> +@@ -737,6 +738,11 @@ void handle_probe_req(struct hostapd_dat
> + 	struct hostapd_sta_wpa_psk_short *psk = NULL;
> + 	char *identity = NULL;
> + 	char *radius_cui = NULL;
>  +	struct hostapd_ubus_request req = {
>  +		.type = HOSTAPD_UBUS_PROBE_REQ,
>  +		.mgmt_frame = mgmt,
> @@ -259,7 +263,7 @@
>   
>   	if (len < IEEE80211_HDRLEN)
>   		return;
> -@@ -894,6 +900,12 @@ void handle_probe_req(struct hostapd_dat
> +@@ -914,6 +920,12 @@ void handle_probe_req(struct hostapd_dat
>   	}
>   #endif /* CONFIG_P2P */
>   
> @@ -311,7 +315,7 @@
>   		wpabuf_free(sta->p2p_ie);
>  --- a/src/ap/sta_info.c
>  +++ b/src/ap/sta_info.c
> -@@ -404,6 +404,7 @@ void ap_handle_timer(void *eloop_ctx, vo
> +@@ -408,6 +408,7 @@ void ap_handle_timer(void *eloop_ctx, vo
>   			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
>   			       "local deauth request");
>   		ap_free_sta(hapd, sta);
> @@ -319,7 +323,7 @@
>   		return;
>   	}
>   
> -@@ -551,6 +552,7 @@ skip_poll:
> +@@ -555,6 +556,7 @@ skip_poll:
>   			hapd, sta,
>   			WLAN_REASON_PREV_AUTH_NOT_VALID);
>   		ap_free_sta(hapd, sta);
> @@ -327,7 +331,7 @@
>   		break;
>   	}
>   }
> -@@ -1212,6 +1214,7 @@ void ap_sta_set_authorized(struct hostap
> +@@ -1216,6 +1218,7 @@ void ap_sta_set_authorized(struct hostap
>   					  buf, ip_addr);
>   	} else {
>   		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
> @@ -337,7 +341,7 @@
>   		    hapd->msg_ctx_parent != hapd->msg_ctx)
>  --- a/src/ap/wpa_auth_glue.c
>  +++ b/src/ap/wpa_auth_glue.c
> -@@ -175,6 +175,7 @@ static void hostapd_wpa_auth_psk_failure
> +@@ -176,6 +176,7 @@ static void hostapd_wpa_auth_psk_failure
>   	struct hostapd_data *hapd = ctx;
>   	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
>   		MAC2STR(addr));
> -- 
> 2.16.2
> 
> 
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev



More information about the Lede-dev mailing list