openwrt/package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch
Petr Štetiar df6a33a8d4 hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).

 General security vulnerability in the way the callback URLs in the UPnP
 SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
 Some of the described issues may be applicable to the use of UPnP in WPS
 AP mode functionality for supporting external registrars.

Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00

220 lines
8.0 KiB
Diff

From 90fe6429624fc48bc0e5d2d7eeecb7498708b5e3 Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@makrotopia.org>
Date: Wed, 18 Apr 2018 19:24:31 +0200
Subject: [PATCH 18/18] mesh: make forwarding configurable
Allow mesh_fwding to be specified in a mesh bss config, pass that
to the driver (only nl80211 implemented for now) and announce
forwarding capability accordingly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
src/ap/ap_config.h | 2 ++
src/drivers/driver.h | 2 ++
src/drivers/driver_nl80211.c | 3 +++
wpa_supplicant/config.c | 4 ++++
wpa_supplicant/config.h | 9 +++++++++
wpa_supplicant/config_file.c | 4 ++++
wpa_supplicant/config_ssid.h | 5 +++++
wpa_supplicant/mesh.c | 6 ++++++
wpa_supplicant/mesh_mpm.c | 4 ++--
wpa_supplicant/wpa_supplicant.conf | 3 +++
10 files changed, 40 insertions(+), 2 deletions(-)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -51,6 +51,7 @@ struct mesh_conf {
int dot11MeshRetryTimeout; /* msec */
int dot11MeshConfirmTimeout; /* msec */
int dot11MeshHoldingTimeout; /* msec */
+ int mesh_fwding;
};
#define MAX_STA_COUNT 2007
@@ -701,6 +702,7 @@ struct hostapd_bss_config {
#define MESH_ENABLED BIT(0)
int mesh;
+ int mesh_fwding;
u8 radio_measurements[RRM_CAPABILITIES_IE_LEN];
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1515,6 +1515,7 @@ struct wpa_driver_mesh_bss_params {
#define WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS 0x00000004
#define WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE 0x00000008
#define WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD 0x00000010
+#define WPA_DRIVER_MESH_CONF_FLAG_FORWARDING 0x00000020
/*
* TODO: Other mesh configuration parameters would go here.
* See NL80211_MESHCONF_* for all the mesh config parameters.
@@ -1524,6 +1525,7 @@ struct wpa_driver_mesh_bss_params {
int peer_link_timeout;
int max_peer_links;
int rssi_threshold;
+ int forwarding;
u16 ht_opmode;
};
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -10019,6 +10019,9 @@ static int nl80211_put_mesh_config(struc
if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
params->auto_plinks)) ||
+ ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_FORWARDING) &&
+ nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
+ params->forwarding)) ||
((params->flags & WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS) &&
nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
params->max_peer_links)) ||
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2473,6 +2473,7 @@ static const struct parse_data ssid_fiel
#ifdef CONFIG_MESH
{ INT_RANGE(mode, 0, 5) },
{ INT_RANGE(no_auto_peer, 0, 1) },
+ { INT_RANGE(mesh_fwding, 0, 1) },
{ INT_RANGE(mesh_rssi_threshold, -255, 1) },
#else /* CONFIG_MESH */
{ INT_RANGE(mode, 0, 4) },
@@ -3047,6 +3048,7 @@ void wpa_config_set_network_defaults(str
ssid->dot11MeshRetryTimeout = DEFAULT_MESH_RETRY_TIMEOUT;
ssid->dot11MeshConfirmTimeout = DEFAULT_MESH_CONFIRM_TIMEOUT;
ssid->dot11MeshHoldingTimeout = DEFAULT_MESH_HOLDING_TIMEOUT;
+ ssid->mesh_fwding = DEFAULT_MESH_FWDING;
ssid->mesh_rssi_threshold = DEFAULT_MESH_RSSI_THRESHOLD;
#endif /* CONFIG_MESH */
#ifdef CONFIG_HT_OVERRIDES
@@ -4274,6 +4276,7 @@ struct wpa_config * wpa_config_alloc_emp
config->user_mpm = DEFAULT_USER_MPM;
config->max_peer_links = DEFAULT_MAX_PEER_LINKS;
config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY;
+ config->mesh_fwding = DEFAULT_MESH_FWDING;
config->dot11RSNASAERetransPeriod =
DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD;
config->fast_reauth = DEFAULT_FAST_REAUTH;
@@ -4912,6 +4915,7 @@ static const struct global_parse_data gl
{ INT(user_mpm), 0 },
{ INT_RANGE(max_peer_links, 0, 255), 0 },
{ INT(mesh_max_inactivity), 0 },
+ { INT_RANGE(mesh_fwding, 0, 1), 0 },
{ INT(dot11RSNASAERetransPeriod), 0 },
#endif /* CONFIG_MESH */
{ INT(disable_scan_offload), 0 },
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -18,6 +18,7 @@
#define DEFAULT_USER_MPM 1
#define DEFAULT_MAX_PEER_LINKS 99
#define DEFAULT_MESH_MAX_INACTIVITY 300
+#define DEFAULT_MESH_FWDING 1
/*
* The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard,
* but use 1000 ms in practice to avoid issues on low power CPUs.
@@ -1351,6 +1352,14 @@ struct wpa_config {
int mesh_max_inactivity;
/**
+ * mesh_fwding - Mesh network layer-2 forwarding
+ *
+ * This controls whether to enable layer-2 forwarding.
+ * By default: 1: enabled
+ */
+ int mesh_fwding;
+
+ /**
* dot11RSNASAERetransPeriod - Timeout to retransmit SAE Auth frame
*
* This timeout value is used in mesh STA to retransmit
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -866,6 +866,7 @@ static void wpa_config_write_network(FIL
#endif /* IEEE8021X_EAPOL */
INT(mode);
INT(no_auto_peer);
+ INT(mesh_fwding);
INT(frequency);
INT(enable_edmg);
INT(edmg_channel);
@@ -1527,6 +1528,9 @@ static void wpa_config_write_global(FILE
fprintf(f, "mesh_max_inactivity=%d\n",
config->mesh_max_inactivity);
+ if (config->mesh_fwding != DEFAULT_MESH_FWDING)
+ fprintf(f, "mesh_fwding=%d\n", config->mesh_fwding);
+
if (config->dot11RSNASAERetransPeriod !=
DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD)
fprintf(f, "dot11RSNASAERetransPeriod=%d\n",
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -546,6 +546,11 @@ struct wpa_ssid {
int dot11MeshConfirmTimeout; /* msec */
int dot11MeshHoldingTimeout; /* msec */
+ /**
+ * Mesh network layer-2 forwarding
+ */
+ int mesh_fwding;
+
int ht;
int ht40;
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -130,6 +130,7 @@ static struct mesh_conf * mesh_config_cr
conf->mesh_cc_id = 0;
conf->mesh_sp_id = MESH_SYNC_METHOD_NEIGHBOR_OFFSET;
conf->mesh_auth_id = (conf->security & MESH_CONF_SEC_AUTH) ? 1 : 0;
+ conf->mesh_fwding = ssid->mesh_fwding;
conf->dot11MeshMaxRetries = ssid->dot11MeshMaxRetries;
conf->dot11MeshRetryTimeout = ssid->dot11MeshRetryTimeout;
conf->dot11MeshConfirmTimeout = ssid->dot11MeshConfirmTimeout;
@@ -335,6 +336,7 @@ static int wpa_supplicant_mesh_init(stru
bss->conf->start_disabled = 1;
bss->conf->mesh = MESH_ENABLED;
bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
+ bss->conf->mesh_fwding = wpa_s->conf->mesh_fwding;
if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes,
wpa_s->hw.num_modes) && wpa_s->conf->country[0]) {
@@ -556,6 +558,10 @@ int wpa_supplicant_join_mesh(struct wpa_
}
params->conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
+ /* always explicitely set forwarding to on or off for now */
+ params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_FORWARDING;
+ params->conf.forwarding = ssid->mesh_fwding;
+
os_free(wpa_s->mesh_params);
wpa_s->mesh_params = params;
if (wpa_supplicant_mesh_init(wpa_s, ssid, &params->freq)) {
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -303,9 +303,9 @@ static void mesh_mpm_send_plink_action(s
info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1;
/* TODO: Add Connected to Mesh Gate/AS subfields */
wpabuf_put_u8(buf, info);
- /* always forwarding & accepting plinks for now */
+ /* set forwarding & always accepting plinks for now */
wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER |
- MESH_CAP_FORWARDING);
+ (conf->mesh_fwding ? MESH_CAP_FORWARDING : 0));
} else { /* Peer closing frame */
/* IE: Mesh ID */
wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -150,6 +150,9 @@ ap_scan=1
# This timeout value is used in mesh STA to clean up inactive stations.
#mesh_max_inactivity=300
+# Enable 802.11s layer-2 routing and forwarding
+#mesh_fwding=1
+
# cert_in_cb - Whether to include a peer certificate dump in events
# This controls whether peer certificates for authentication server and
# its certificate chain are included in EAP peer certificate events. This is