aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2021-11-24 17:02:26 +0100
committerFelix Fietkau <nbd@nbd.name>2021-11-24 18:31:04 +0100
commit77667a7eb6129c14318f7ec4f33f888789e36eb6 (patch)
tree697b3c64963f2fa8f803a10849897167c582152e
parent9127e5193ecf2a300f12691d44f9ac2383424853 (diff)
downloadupstream-77667a7eb6129c14318f7ec4f33f888789e36eb6.tar.gz
upstream-77667a7eb6129c14318f7ec4f33f888789e36eb6.tar.bz2
upstream-77667a7eb6129c14318f7ec4f33f888789e36eb6.zip
hostapd: add a patch that allows processing auth requests for peers in blocked state
If authentication fails repeatedly e.g. because of a weak signal, the link can end up in blocked state. If one of the nodes tries to establish a link again before it is unblocked on the other side, it will block the link to that other side. The same happens on the other side when it unblocks the link. In that scenario, the link never recovers on its own. To fix this, allow restarting authentication even if the link is in blocked state, but don't initiate the attempt until the blocked period is over. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit f84053af5c0b0a159ea4d3e90b0c06574b4fde8d)
-rw-r--r--package/network/services/hostapd/Makefile2
-rw-r--r--package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch34
-rw-r--r--package/network/services/hostapd/patches/110-notify-mgmt-frames.patch4
-rw-r--r--package/network/services/hostapd/patches/600-ubus_support.patch10
-rw-r--r--package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch2
5 files changed, 43 insertions, 9 deletions
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 8c3a4a92be..783c10d587 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=36
+PKG_RELEASE:=37
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch b/package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
new file mode 100644
index 0000000000..55dd980cd7
--- /dev/null
+++ b/package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
@@ -0,0 +1,34 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 18 Feb 2019 12:57:11 +0100
+Subject: [PATCH] mesh: allow processing authentication frames in blocked state
+
+If authentication fails repeatedly e.g. because of a weak signal, the link
+can end up in blocked state. If one of the nodes tries to establish a link
+again before it is unblocked on the other side, it will block the link to
+that other side. The same happens on the other side when it unblocks the
+link. In that scenario, the link never recovers on its own.
+
+To fix this, allow restarting authentication even if the link is in blocked
+state, but don't initiate the attempt until the blocked period is over.
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -2527,15 +2527,6 @@ static void handle_auth(struct hostapd_d
+ seq_ctrl);
+ return;
+ }
+-#ifdef CONFIG_MESH
+- if ((hapd->conf->mesh & MESH_ENABLED) &&
+- sta->plink_state == PLINK_BLOCKED) {
+- wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
+- " is blocked - drop Authentication frame",
+- MAC2STR(mgmt->sa));
+- return;
+- }
+-#endif /* CONFIG_MESH */
+ } else {
+ #ifdef CONFIG_MESH
+ if (hapd->conf->mesh & MESH_ENABLED) {
diff --git a/package/network/services/hostapd/patches/110-notify-mgmt-frames.patch b/package/network/services/hostapd/patches/110-notify-mgmt-frames.patch
index 9e187253d4..c3a66a7115 100644
--- a/package/network/services/hostapd/patches/110-notify-mgmt-frames.patch
+++ b/package/network/services/hostapd/patches/110-notify-mgmt-frames.patch
@@ -63,7 +63,7 @@ Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -4878,6 +4878,28 @@ static int handle_action(struct hostapd_
+@@ -4869,6 +4869,28 @@ static int handle_action(struct hostapd_
return 1;
}
@@ -92,7 +92,7 @@ Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
/**
* ieee802_11_mgmt - process incoming IEEE 802.11 management frames
-@@ -4969,6 +4991,9 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -4960,6 +4982,9 @@ int ieee802_11_mgmt(struct hostapd_data
if (hapd->iconf->track_sta_max_num)
sta_track_add(hapd->iface, mgmt->sa, ssi_signal);
diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index 89f5a5c3cf..53f521e649 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -126,7 +126,7 @@
if (res == HOSTAPD_ACL_PENDING)
return;
-@@ -4166,7 +4178,7 @@ static void handle_assoc(struct hostapd_
+@@ -4157,7 +4169,7 @@ static void handle_assoc(struct hostapd_
int resp = WLAN_STATUS_SUCCESS;
u16 reply_res;
const u8 *pos;
@@ -135,7 +135,7 @@
struct sta_info *sta;
u8 *tmp = NULL;
#ifdef CONFIG_FILS
-@@ -4379,6 +4391,11 @@ static void handle_assoc(struct hostapd_
+@@ -4370,6 +4382,11 @@ static void handle_assoc(struct hostapd_
left = res;
}
#endif /* CONFIG_FILS */
@@ -147,7 +147,7 @@
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
* is used */
-@@ -4477,6 +4494,14 @@ static void handle_assoc(struct hostapd_
+@@ -4468,6 +4485,14 @@ static void handle_assoc(struct hostapd_
}
#endif /* CONFIG_FILS */
@@ -162,7 +162,7 @@
fail:
/*
-@@ -4570,6 +4595,7 @@ static void handle_disassoc(struct hosta
+@@ -4561,6 +4586,7 @@ static void handle_disassoc(struct hosta
wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
MAC2STR(mgmt->sa),
le_to_host16(mgmt->u.disassoc.reason_code));
@@ -170,7 +170,7 @@
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
-@@ -4636,6 +4662,8 @@ static void handle_deauth(struct hostapd
+@@ -4627,6 +4653,8 @@ static void handle_deauth(struct hostapd
" reason_code=%d",
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
diff --git a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch
index 8fe8893c85..94f4a2b297 100644
--- a/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch
+++ b/package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch
@@ -65,7 +65,7 @@
wpabuf_free(sta->hs20_ie);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -2884,13 +2884,11 @@ static u16 copy_supp_rates(struct hostap
+@@ -2875,13 +2875,11 @@ static u16 copy_supp_rates(struct hostap
static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *ext_capab_ie, size_t ext_capab_ie_len)
{