openwrt/package/network/services/hostapd/patches/050-Fix-OpenWrt-13156.patch

From 26cd9bafc1d25e602952ee86cd2a5b8c3a995490 Mon Sep 17 00:00:00 2001
From: Stijn Tintel <stijn@linux-ipv6.be>
Date: Fri, 28 Jul 2023 16:27:47 +0300
Subject: [PATCH] Revert "Do prune_association only after the STA is
 authorized"

Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.

Ref: https://github.com/openwrt/openwrt/issues/13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
---
 src/ap/hostapd.c  | 14 +++++++++++---
 src/ap/sta_info.c |  3 ---
 2 files changed, 11 insertions(+), 6 deletions(-)

--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -4055,6 +4055,8 @@ int hostapd_remove_iface(struct hapd_int
 void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
 			   int reassoc)
 {
+	int mld_assoc_link_id = -1;
+
 	if (hapd->tkip_countermeasures) {
 		hostapd_drv_sta_deauth(hapd, sta->addr,
 				       WLAN_REASON_MICHAEL_MIC_FAILURE);
@@ -4062,10 +4064,16 @@ void hostapd_new_assoc_sta(struct hostap
 	}
 
 #ifdef CONFIG_IEEE80211BE
-	if (ap_sta_is_mld(hapd, sta) &&
-	    sta->mld_assoc_link_id != hapd->mld_link_id)
-		return;
+	if (ap_sta_is_mld(hapd, sta)) {
+		if (sta->mld_assoc_link_id == hapd->mld_link_id) {
+			mld_assoc_link_id = sta->mld_assoc_link_id;
+		} else {
+			return;
+		}
+	}
 #endif /* CONFIG_IEEE80211BE */
+        if (mld_assoc_link_id != -2)
+		hostapd_prune_associations(hapd, sta->addr, mld_assoc_link_id);
 
 	ap_sta_clear_disconnect_timeouts(hapd, sta);
 	sta->post_csa_sa_query = 0;
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1485,9 +1485,6 @@ bool ap_sta_set_authorized_flag(struct h
 				mld_assoc_link_id = -2;
 		}
 #endif /* CONFIG_IEEE80211BE */
-		if (mld_assoc_link_id != -2)
-			hostapd_prune_associations(hapd, sta->addr,
-						   mld_assoc_link_id);
 		sta->flags |= WLAN_STA_AUTHORIZED;
 	} else {
 		sta->flags &= ~WLAN_STA_AUTHORIZED;
hostapd: revert upstream commit to fix #13156 Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> 2023-08-04 07:03:10 +00:00			`From 26cd9bafc1d25e602952ee86cd2a5b8c3a995490 Mon Sep 17 00:00:00 2001`
			`From: Stijn Tintel <stijn@linux-ipv6.be>`
			`Date: Fri, 28 Jul 2023 16:27:47 +0300`
			`Subject: [PATCH] Revert "Do prune_association only after the STA is`
			`authorized"`

			`Commit e978072baaca ("Do prune_association only after the STA is`
			`authorized") causes issues when an STA roams from one interface to`
			`another interface on the same PHY. The mt7915 driver is not able to`
			`handle this properly. While the commits fixes a DoS, there are other`
			`devices and drivers with the same limitation, so revert to the orginal`
			`behavior for now, until we have a better solution in place.`

			`Ref: https://github.com/openwrt/openwrt/issues/13156`
			`Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>`
			`---`
			`src/ap/hostapd.c \| 14 +++++++++++---`
			`src/ap/sta_info.c \| 3 ---`
			`2 files changed, 11 insertions(+), 6 deletions(-)`

			`--- a/src/ap/hostapd.c`
			`+++ b/src/ap/hostapd.c`
hostapd: update to version 2024-09-15 Remove upstreamed from 2.11 release: 060-nl80211-fix-crash-when-adding-an-interface-fails.patch Rebase all other patches Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> Link: https://github.com/openwrt/openwrt/pull/16338 Signed-off-by: Robert Marko <robimarko@gmail.com> 2024-09-07 17:54:34 +00:00			`@@ -4055,6 +4055,8 @@ int hostapd_remove_iface(struct hapd_int`
hostapd: revert upstream commit to fix #13156 Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> 2023-08-04 07:03:10 +00:00			`void hostapd_new_assoc_sta(struct hostapd_data hapd, struct sta_info sta,`
			`int reassoc)`
			`{`
			`+ int mld_assoc_link_id = -1;`
			`+`
			`if (hapd->tkip_countermeasures) {`
			`hostapd_drv_sta_deauth(hapd, sta->addr,`
			`WLAN_REASON_MICHAEL_MIC_FAILURE);`
hostapd: update to version 2024-09-15 Remove upstreamed from 2.11 release: 060-nl80211-fix-crash-when-adding-an-interface-fails.patch Rebase all other patches Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> Link: https://github.com/openwrt/openwrt/pull/16338 Signed-off-by: Robert Marko <robimarko@gmail.com> 2024-09-07 17:54:34 +00:00			`@@ -4062,10 +4064,16 @@ void hostapd_new_assoc_sta(struct hostap`
hostapd: revert upstream commit to fix #13156 Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> 2023-08-04 07:03:10 +00:00			`}`

			`#ifdef CONFIG_IEEE80211BE`
hostapd: bump to 2024-03-09 This brings many changes, including fixes for a couple of memory leaks, and improved interoperability with 802.11r. There are also many changes related to 802.11be, which is not enabled at this time. Fixed upstream: - 022-hostapd-fix-use-of-uninitialized-stack-variables.patch - 180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch - 993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch Switch PKG_SOURCE_URL to https, since http is not currently working. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Ilya Katsnelson <me@0upti.me> Tested by: Andrew Sim <andrewsimz@gmail.com> 2024-02-10 21:10:08 +00:00			`- if (ap_sta_is_mld(hapd, sta) &&`
hostapd: revert upstream commit to fix #13156 Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> 2023-08-04 07:03:10 +00:00			`- sta->mld_assoc_link_id != hapd->mld_link_id)`
			`- return;`
hostapd: bump to 2024-03-09 This brings many changes, including fixes for a couple of memory leaks, and improved interoperability with 802.11r. There are also many changes related to 802.11be, which is not enabled at this time. Fixed upstream: - 022-hostapd-fix-use-of-uninitialized-stack-variables.patch - 180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch - 993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch Switch PKG_SOURCE_URL to https, since http is not currently working. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Ilya Katsnelson <me@0upti.me> Tested by: Andrew Sim <andrewsimz@gmail.com> 2024-02-10 21:10:08 +00:00			`+ if (ap_sta_is_mld(hapd, sta)) {`
hostapd: revert upstream commit to fix #13156 Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> 2023-08-04 07:03:10 +00:00			`+ if (sta->mld_assoc_link_id == hapd->mld_link_id) {`
			`+ mld_assoc_link_id = sta->mld_assoc_link_id;`
			`+ } else {`
			`+ return;`
			`+ }`
			`+ }`
			`#endif /* CONFIG_IEEE80211BE */`
			`+ if (mld_assoc_link_id != -2)`
			`+ hostapd_prune_associations(hapd, sta->addr, mld_assoc_link_id);`

			`ap_sta_clear_disconnect_timeouts(hapd, sta);`
			`sta->post_csa_sa_query = 0;`
			`--- a/src/ap/sta_info.c`
			`+++ b/src/ap/sta_info.c`
hostapd: update to 2.11 release tag Release 2.11 has been quite a few new features and fixes since the 2.10 release. The following ChangeLog entries highlight some of the main changes: * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying ...and many more Remove upstreamed patches: 023-ndisc_snoop-call-dl_list_del-before-freeing-ipv6-add.patch 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch 040-mesh-allow-processing-authentication-frames-in-block.patch 181-driver_nl80211-update-drv-ifindex-on-removing-the-fi.patch 182-nl80211-move-nl80211_put_freq_params-call-outside-of.patch 183-hostapd-cancel-channel_list_update_timeout-in-hostap.patch 210-build-de-duplicate-_DIRS-before-calling-mkdir.patch 253-qos_map_set_without_interworking.patch 751-qos_map_ignore_when_unsupported.patch 800-SAE-Check-for-invalid-Rejected-Groups-element-length.patch 801-SAE-Check-for-invalid-Rejected-Groups-element-length.patch 802-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch Other patches has been updated. Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> Link: https://github.com/openwrt/openwrt/pull/16338 Signed-off-by: Robert Marko <robimarko@gmail.com> 2024-08-15 18:47:25 +00:00			`@@ -1485,9 +1485,6 @@ bool ap_sta_set_authorized_flag(struct h`
hostapd: revert upstream commit to fix #13156 Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> 2023-08-04 07:03:10 +00:00			`mld_assoc_link_id = -2;`
			`}`
			`#endif /* CONFIG_IEEE80211BE */`
			`- if (mld_assoc_link_id != -2)`
			`- hostapd_prune_associations(hapd, sta->addr,`
			`- mld_assoc_link_id);`
			`sta->flags \|= WLAN_STA_AUTHORIZED;`
			`} else {`
			`sta->flags &= ~WLAN_STA_AUTHORIZED;`