aboutsummaryrefslogtreecommitdiffstats
path: root/package
diff options
context:
space:
mode:
Diffstat (limited to 'package')
-rw-r--r--package/kernel/mac80211/patches/rt2x00/982-rt2x00-add-rf-self-txdc-calibration.patch2
-rw-r--r--package/kernel/mac80211/patches/rt2x00/983-rt2x00-add-r-calibration.patch2
-rw-r--r--package/kernel/mac80211/patches/rt2x00/984-rt2x00-add-rxdcoc-calibration.patch2
-rw-r--r--package/kernel/mac80211/patches/rt2x00/985-rt2x00-add-rxiq-calibration.patch2
-rw-r--r--package/kernel/mac80211/patches/rt2x00/986-rt2x00-add-TX-LOFT-calibration.patch2
-rw-r--r--package/network/services/hostapd/Makefile2
-rw-r--r--package/network/services/hostapd/files/hostapd.sh42
-rw-r--r--package/network/services/hostapd/files/wps-hotplug.sh8
-rw-r--r--package/network/services/hostapd/patches/550-hostapd-Add-Multi-AP-protocol-support.patch306
-rw-r--r--package/network/services/hostapd/patches/551-wpa_supplicant-Add-Multi-AP-protocol-support-to-supp.patch311
-rw-r--r--package/network/services/hostapd/patches/552-tests-Multi-AP-association.patch100
-rw-r--r--package/network/services/hostapd/patches/553-tests-refactor-test_multi_ap.patch72
-rw-r--r--package/network/services/hostapd/patches/554-multi_ap-don-t-reject-backhaul-STA-on-fronhaul-BSS.patch106
-rw-r--r--package/network/services/hostapd/patches/555-WPS-wps_build_wfa_ext-add-multi_ap_subelem-parameter.patch342
-rw-r--r--package/network/services/hostapd/patches/556-wpa_supplicant-support-Multi-AP-backhaul-STA-onboard.patch217
-rw-r--r--package/network/services/hostapd/patches/557-hostapd-support-Multi-AP-backhaul-STA-onboarding.patch339
-rw-r--r--package/network/services/hostapd/patches/558-hostapd-add-README-MULTI-AP.patch181
-rw-r--r--package/network/services/hostapd/patches/559-tests-add-WPS-tests-to-multi_ap-hwsim-tests.patch182
-rw-r--r--package/network/services/hostapd/patches/600-ubus_support.patch24
-rw-r--r--package/network/services/hostapd/src/wpa_supplicant/ubus.c18
20 files changed, 2235 insertions, 25 deletions
diff --git a/package/kernel/mac80211/patches/rt2x00/982-rt2x00-add-rf-self-txdc-calibration.patch b/package/kernel/mac80211/patches/rt2x00/982-rt2x00-add-rf-self-txdc-calibration.patch
index 08fd1faf01..454f55b1cf 100644
--- a/package/kernel/mac80211/patches/rt2x00/982-rt2x00-add-rf-self-txdc-calibration.patch
+++ b/package/kernel/mac80211/patches/rt2x00/982-rt2x00-add-rf-self-txdc-calibration.patch
@@ -59,7 +59,7 @@
static void rt2800_bbp_core_soft_reset(struct rt2x00_dev *rt2x00dev,
bool set_bw, bool is_ht40)
{
-@@ -8943,6 +8995,7 @@ static void rt2800_init_rfcsr_6352(struc
+@@ -8956,6 +9008,7 @@ static void rt2800_init_rfcsr_6352(struc
rt2800_rfcsr_write_dccal(rt2x00dev, 5, 0x00);
rt2800_rfcsr_write_dccal(rt2x00dev, 17, 0x7C);
diff --git a/package/kernel/mac80211/patches/rt2x00/983-rt2x00-add-r-calibration.patch b/package/kernel/mac80211/patches/rt2x00/983-rt2x00-add-r-calibration.patch
index 3981d8f60f..6f0d5b577f 100644
--- a/package/kernel/mac80211/patches/rt2x00/983-rt2x00-add-r-calibration.patch
+++ b/package/kernel/mac80211/patches/rt2x00/983-rt2x00-add-r-calibration.patch
@@ -161,7 +161,7 @@
static void rt2800_bbp_core_soft_reset(struct rt2x00_dev *rt2x00dev,
bool set_bw, bool is_ht40)
{
-@@ -8995,6 +9149,7 @@ static void rt2800_init_rfcsr_6352(struc
+@@ -9008,6 +9162,7 @@ static void rt2800_init_rfcsr_6352(struc
rt2800_rfcsr_write_dccal(rt2x00dev, 5, 0x00);
rt2800_rfcsr_write_dccal(rt2x00dev, 17, 0x7C);
diff --git a/package/kernel/mac80211/patches/rt2x00/984-rt2x00-add-rxdcoc-calibration.patch b/package/kernel/mac80211/patches/rt2x00/984-rt2x00-add-rxdcoc-calibration.patch
index 4829a12ccd..fbeace27da 100644
--- a/package/kernel/mac80211/patches/rt2x00/984-rt2x00-add-rxdcoc-calibration.patch
+++ b/package/kernel/mac80211/patches/rt2x00/984-rt2x00-add-rxdcoc-calibration.patch
@@ -72,7 +72,7 @@
static void rt2800_bbp_core_soft_reset(struct rt2x00_dev *rt2x00dev,
bool set_bw, bool is_ht40)
{
-@@ -9151,6 +9216,7 @@ static void rt2800_init_rfcsr_6352(struc
+@@ -9164,6 +9229,7 @@ static void rt2800_init_rfcsr_6352(struc
rt2800_r_calibration(rt2x00dev);
rt2800_rf_self_txdc_cal(rt2x00dev);
diff --git a/package/kernel/mac80211/patches/rt2x00/985-rt2x00-add-rxiq-calibration.patch b/package/kernel/mac80211/patches/rt2x00/985-rt2x00-add-rxiq-calibration.patch
index cea099c3da..d6e9857748 100644
--- a/package/kernel/mac80211/patches/rt2x00/985-rt2x00-add-rxiq-calibration.patch
+++ b/package/kernel/mac80211/patches/rt2x00/985-rt2x00-add-rxiq-calibration.patch
@@ -387,7 +387,7 @@
static void rt2800_bbp_core_soft_reset(struct rt2x00_dev *rt2x00dev,
bool set_bw, bool is_ht40)
{
-@@ -9219,6 +9599,7 @@ static void rt2800_init_rfcsr_6352(struc
+@@ -9232,6 +9612,7 @@ static void rt2800_init_rfcsr_6352(struc
rt2800_rxdcoc_calibration(rt2x00dev);
rt2800_bw_filter_calibration(rt2x00dev, true);
rt2800_bw_filter_calibration(rt2x00dev, false);
diff --git a/package/kernel/mac80211/patches/rt2x00/986-rt2x00-add-TX-LOFT-calibration.patch b/package/kernel/mac80211/patches/rt2x00/986-rt2x00-add-TX-LOFT-calibration.patch
index c7d7aa1f08..463d3aad23 100644
--- a/package/kernel/mac80211/patches/rt2x00/986-rt2x00-add-TX-LOFT-calibration.patch
+++ b/package/kernel/mac80211/patches/rt2x00/986-rt2x00-add-TX-LOFT-calibration.patch
@@ -958,7 +958,7 @@
static void rt2800_bbp_core_soft_reset(struct rt2x00_dev *rt2x00dev,
bool set_bw, bool is_ht40)
{
-@@ -9599,6 +10550,7 @@ static void rt2800_init_rfcsr_6352(struc
+@@ -9612,6 +10563,7 @@ static void rt2800_init_rfcsr_6352(struc
rt2800_rxdcoc_calibration(rt2x00dev);
rt2800_bw_filter_calibration(rt2x00dev, true);
rt2800_bw_filter_calibration(rt2x00dev, false);
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 8c4c438bed..f531e660ff 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 970b27c143..46acbefeee 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -212,9 +212,12 @@ hostapd_common_add_bss_config() {
config_add_string wpa_psk_file
+ config_add_int multi_ap
+
config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1
config_add_int wps_ap_setup_locked wps_independent
config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
+ config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
config_add_boolean ieee80211v wnm_sleep_mode bss_transition
config_add_int time_advertisement
@@ -261,7 +264,8 @@ hostapd_set_bss_options() {
macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
acct_server acct_secret acct_port acct_interval \
- bss_load_update_period chan_util_avg_period sae_require_mfp
+ bss_load_update_period chan_util_avg_period sae_require_mfp \
+ multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key
set_default isolate 0
set_default maxassoc 0
@@ -278,7 +282,8 @@ hostapd_set_bss_options() {
set_default bss_load_update_period 60
set_default chan_util_avg_period 600
set_default utf8_ssid 1
-
+ set_default multi_ap 0
+
append bss_conf "ctrl_interface=/var/run/hostapd"
if [ "$isolate" -gt 0 ]; then
append bss_conf "ap_isolate=$isolate" "$N"
@@ -298,6 +303,7 @@ hostapd_set_bss_options() {
append bss_conf "ignore_broadcast_ssid=$hidden" "$N"
append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N"
append bss_conf "utf8_ssid=$utf8_ssid" "$N"
+ append bss_conf "multi_ap=$multi_ap" "$N"
[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
@@ -420,6 +426,9 @@ hostapd_set_bss_options() {
[ "$wps_pushbutton" -gt 0 ] && append config_methods push_button
[ "$wps_label" -gt 0 ] && append config_methods label
+ # WPS not possible on Multi-AP backhaul-only SSID
+ [ "$multi_ap" = 1 ] && wps_possible=
+
[ -n "$wps_possible" -a -n "$config_methods" ] && {
set_default ext_registrar 0
set_default wps_device_type "6-0050F204-1"
@@ -442,6 +451,19 @@ hostapd_set_bss_options() {
append bss_conf "wps_independent=$wps_independent" "$N"
[ -n "$wps_ap_setup_locked" ] && append bss_conf "ap_setup_locked=$wps_ap_setup_locked" "$N"
[ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N"
+ [ "$multi_ap" -gt 0 ] && [ -n "$multi_ap_backhaul_ssid" ] && {
+ append bss_conf "multi_ap_backhaul_ssid=\"$multi_ap_backhaul_ssid\"" "$N"
+ if [ -z "$multi_ap_backhaul_key" ]; then
+ :
+ elif [ ${#multi_ap_backhaul_key} -lt 8 ]; then
+ wireless_setup_vif_failed INVALID_WPA_PSK
+ return 1
+ elif [ ${#multi_ap_backhaul_key} -eq 64 ]; then
+ append bss_conf "multi_ap_backhaul_wpa_psk=$multi_ap_backhaul_key" "$N"
+ else
+ append bss_conf "multi_ap_backhaul_wpa_passphrase=$multi_ap_backhaul_key" "$N"
+ fi
+ }
}
append bss_conf "ssid=$ssid" "$N"
@@ -640,7 +662,7 @@ wpa_supplicant_prepare_interface() {
_wpa_supplicant_common "$1"
- json_get_vars mode wds
+ json_get_vars mode wds multi_ap
[ -n "$network_bridge" ] && {
fail=
@@ -649,7 +671,7 @@ wpa_supplicant_prepare_interface() {
fail=1
;;
sta)
- [ "$wds" = 1 ] || fail=1
+ [ "$wds" = 1 -o "$multi_ap" = 1 ] || fail=1
;;
esac
@@ -675,6 +697,12 @@ wpa_supplicant_prepare_interface() {
country_str="country=$country"
}
+ multiap_flag_file="${_config}.is_multiap"
+ if [ "$multi_ap" = "1" ]; then
+ touch "$multiap_flag_file"
+ else
+ [ -e "$multiap_flag_file" ] && rm "$multiap_flag_file"
+ fi
wpa_supplicant_teardown_interface "$ifname"
cat > "$_config" <<EOF
$ap_scan
@@ -716,9 +744,11 @@ wpa_supplicant_add_network() {
json_get_vars \
ssid bssid key \
basic_rate mcast_rate \
- ieee80211w ieee80211r
+ ieee80211w ieee80211r \
+ multi_ap
set_default ieee80211r 0
+ set_default multi_ap 0
local key_mgmt='NONE'
local enc_str=
@@ -752,6 +782,8 @@ wpa_supplicant_add_network() {
[ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ] && append network_data "$_w_modestr" "$N$T"
+ [ "$multi_ap" = 1 -a "$_w_mode" = "sta" ] && append network_data "multi_ap_backhaul_sta=1" "$N$T"
+
case "$auth_type" in
none) ;;
owe)
diff --git a/package/network/services/hostapd/files/wps-hotplug.sh b/package/network/services/hostapd/files/wps-hotplug.sh
index ddfd021195..d00939d769 100644
--- a/package/network/services/hostapd/files/wps-hotplug.sh
+++ b/package/network/services/hostapd/files/wps-hotplug.sh
@@ -48,7 +48,13 @@ if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
wps_done=0
ubusobjs="$( ubus -S list wpa_supplicant.* )"
for ubusobj in $ubusobjs; do
- ubus -S call $ubusobj wps_start && wps_done=1
+ ifname="$(echo $ubusobj | cut -d'.' -f2 )"
+ multi_ap=""
+ if [ -e "/var/run/wpa_supplicant-${ifname}.conf.is_multiap" ]; then
+ ubus -S call $ubusobj wps_start '{ "multi_ap": true }' && wps_done=1
+ else
+ ubus -S call $ubusobj wps_start && wps_done=1
+ fi
done
[ $wps_done = 0 ] || wps_catch_credentials &
fi
diff --git a/package/network/services/hostapd/patches/550-hostapd-Add-Multi-AP-protocol-support.patch b/package/network/services/hostapd/patches/550-hostapd-Add-Multi-AP-protocol-support.patch
new file mode 100644
index 0000000000..812f794eda
--- /dev/null
+++ b/package/network/services/hostapd/patches/550-hostapd-Add-Multi-AP-protocol-support.patch
@@ -0,0 +1,306 @@
+From 9c06f0f6aed26c1628acaa74df0232dd7b345e9a Mon Sep 17 00:00:00 2001
+From: Venkateswara Naralasetty <vnaralas@codeaurora.org>
+Date: Wed, 5 Dec 2018 11:23:51 +0100
+Subject: [PATCH] hostapd: Add Multi-AP protocol support
+
+The purpose of Multi-AP specification is to enable inter-operability
+across Wi-Fi access points (APs) from different vendors.
+
+This patch introduces one new configuration parameter 'multi_ap' to
+enable Multi-AP functionality and to configure the BSS as a backhaul
+and/or fronthaul BSS.
+
+Advertise vendor specific Multi-AP capabilities in (Re)Association
+Response frame, if Multi-AP functionality is enabled through the
+configuration parameter.
+
+A backhaul AP must support receiving both 3addr and 4addr frames from a
+backhaul STA, so create a VLAN for it just like is done for WDS, i.e.,
+by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never
+WEP), we can safely call hostapd_set_wds_encryption() as well and we can
+reuse the entire WDS condition.
+
+To parse the Multi-AP Extension subelement, we use get_ie(): even though
+that function is meant for parsing IEs, it works for subelements.
+
+Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+ hostapd/config_file.c | 10 +++++
+ hostapd/hostapd.conf | 7 ++++
+ src/ap/ap_config.h | 4 ++
+ src/ap/ieee802_11.c | 77 +++++++++++++++++++++++++++++++++-
+ src/ap/sta_info.c | 2 +-
+ src/ap/sta_info.h | 1 +
+ src/common/ieee802_11_common.c | 24 +++++++++++
+ src/common/ieee802_11_common.h | 4 ++
+ src/common/ieee802_11_defs.h | 7 ++++
+ 9 files changed, 134 insertions(+), 2 deletions(-)
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -4115,6 +4115,16 @@ static int hostapd_config_fill(struct ho
+ } else if (os_strcmp(buf, "coloc_intf_reporting") == 0) {
+ bss->coloc_intf_reporting = atoi(pos);
+ #endif /* CONFIG_OWE */
++ } else if (os_strcmp(buf, "multi_ap") == 0) {
++ int val = atoi(pos);
++
++ if (val < 0 || val > 3) {
++ wpa_printf(MSG_ERROR, "Line %d: Invalid multi_ap '%s'",
++ line, buf);
++ return -1;
++ }
++
++ bss->multi_ap = val;
+ } else {
+ wpa_printf(MSG_ERROR,
+ "Line %d: unknown configuration item '%s'",
+--- a/hostapd/hostapd.conf
++++ b/hostapd/hostapd.conf
+@@ -438,6 +438,13 @@ wmm_ac_vo_txop_limit=47
+ wmm_ac_vo_acm=0
+ # Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102
+
++# Enable Multi-AP functionality
++# 0 = disabled (default)
++# 1 = AP support backhaul BSS
++# 2 = AP support fronthaul BSS
++# 3 = AP supports both backhaul BSS and fronthaul BSS
++#multi_ap=0
++
+ # Static WEP key configuration
+ #
+ # The key number to use when transmitting.
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -688,6 +688,10 @@ struct hostapd_bss_config {
+ #endif /* CONFIG_OWE */
+
+ int coloc_intf_reporting;
++
++#define BACKHAUL_BSS 1
++#define FRONTHAUL_BSS 2
++ int multi_ap; /* bitmap of BACKHAUL_BSS, FRONTHAUL_BSS */
+ };
+
+ /**
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -62,6 +62,22 @@ prepare_auth_resp_fils(struct hostapd_da
+ int *is_pub);
+ #endif /* CONFIG_FILS */
+
++
++u8 * hostapd_eid_multi_ap(struct hostapd_data *hapd, u8 *eid)
++{
++ u8 multi_ap_val = 0;
++
++ if (!hapd->conf->multi_ap)
++ return eid;
++ if (hapd->conf->multi_ap & BACKHAUL_BSS)
++ multi_ap_val |= MULTI_AP_BACKHAUL_BSS;
++ if (hapd->conf->multi_ap & FRONTHAUL_BSS)
++ multi_ap_val |= MULTI_AP_FRONTHAUL_BSS;
++
++ return eid + add_multi_ap_ie(eid, 9, multi_ap_val);
++}
++
++
+ u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
+ {
+ u8 *pos = eid;
+@@ -2210,6 +2226,57 @@ static u16 check_wmm(struct hostapd_data
+ return WLAN_STATUS_SUCCESS;
+ }
+
++static u16 check_multi_ap(struct hostapd_data *hapd, struct sta_info *sta,
++ const u8 *multi_ap_ie, size_t multi_ap_len)
++{
++ u8 multi_ap_value = 0;
++
++ sta->flags &= ~WLAN_STA_MULTI_AP;
++
++ if (!hapd->conf->multi_ap)
++ return WLAN_STATUS_SUCCESS;
++
++ if (multi_ap_ie) {
++ const u8 *multi_ap_subelem;
++
++ multi_ap_subelem = get_ie(multi_ap_ie + 4,
++ multi_ap_len - 4,
++ MULTI_AP_SUB_ELEM_TYPE);
++ if (multi_ap_subelem && multi_ap_subelem[1] == 1) {
++ multi_ap_value = multi_ap_subelem[2];
++ } else {
++ hostapd_logger(hapd, sta->addr,
++ HOSTAPD_MODULE_IEEE80211,
++ HOSTAPD_LEVEL_INFO,
++ "Multi-AP IE has missing or invalid Multi-AP subelement");
++ return WLAN_STATUS_INVALID_IE;
++ }
++ }
++
++ if (multi_ap_value == MULTI_AP_BACKHAUL_STA)
++ sta->flags |= WLAN_STA_MULTI_AP;
++
++ if ((hapd->conf->multi_ap & BACKHAUL_BSS) &&
++ multi_ap_value == MULTI_AP_BACKHAUL_STA)
++ return WLAN_STATUS_SUCCESS;
++
++ if (hapd->conf->multi_ap & FRONTHAUL_BSS) {
++ if (multi_ap_value == MULTI_AP_BACKHAUL_STA) {
++ hostapd_logger(hapd, sta->addr,
++ HOSTAPD_MODULE_IEEE80211,
++ HOSTAPD_LEVEL_INFO,
++ "Backhaul STA tries to associate with fronthaul-only BSS");
++ return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
++ }
++ return WLAN_STATUS_SUCCESS;
++ }
++
++ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
++ HOSTAPD_LEVEL_INFO,
++ "Non-Multi-AP STA tries to associate with backhaul-only BSS");
++ return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
++}
++
+
+ static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
+ struct ieee802_11_elems *elems)
+@@ -2466,6 +2533,11 @@ static u16 check_assoc_ies(struct hostap
+ resp = copy_supp_rates(hapd, sta, &elems);
+ if (resp != WLAN_STATUS_SUCCESS)
+ return resp;
++
++ resp = check_multi_ap(hapd, sta, elems.multi_ap, elems.multi_ap_len);
++ if (resp != WLAN_STATUS_SUCCESS)
++ return resp;
++
+ #ifdef CONFIG_IEEE80211N
+ resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
+ if (resp != WLAN_STATUS_SUCCESS)
+@@ -2996,6 +3068,9 @@ static u16 send_assoc_resp(struct hostap
+ }
+ #endif /* CONFIG_WPS */
+
++ if (sta && (sta->flags & WLAN_STA_MULTI_AP))
++ p = hostapd_eid_multi_ap(hapd, p);
++
+ #ifdef CONFIG_P2P
+ if (sta && sta->p2p_ie && hapd->p2p_group) {
+ struct wpabuf *p2p_resp_ie;
+@@ -4236,7 +4311,7 @@ static void handle_assoc_cb(struct hosta
+ sta->flags |= WLAN_STA_WDS;
+ }
+
+- if (sta->flags & WLAN_STA_WDS) {
++ if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP)) {
+ int ret;
+ char ifname_wds[IFNAMSIZ + 1];
+
+--- a/src/ap/sta_info.c
++++ b/src/ap/sta_info.c
+@@ -166,7 +166,7 @@ void ap_free_sta(struct hostapd_data *ha
+ /* just in case */
+ ap_sta_set_authorized(hapd, sta, 0);
+
+- if (sta->flags & WLAN_STA_WDS)
++ if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP))
+ hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
+
+ if (sta->ipaddr)
+--- a/src/ap/sta_info.h
++++ b/src/ap/sta_info.h
+@@ -36,6 +36,7 @@
+ #define WLAN_STA_VHT_OPMODE_ENABLED BIT(20)
+ #define WLAN_STA_VENDOR_VHT BIT(21)
+ #define WLAN_STA_PENDING_FILS_ERP BIT(22)
++#define WLAN_STA_MULTI_AP BIT(23)
+ #define WLAN_STA_PENDING_DISASSOC_CB BIT(29)
+ #define WLAN_STA_PENDING_DEAUTH_CB BIT(30)
+ #define WLAN_STA_NONERP BIT(31)
+--- a/src/common/ieee802_11_common.c
++++ b/src/common/ieee802_11_common.c
+@@ -126,6 +126,10 @@ static int ieee802_11_parse_vendor_speci
+ elems->roaming_cons_sel = pos;
+ elems->roaming_cons_sel_len = elen;
+ break;
++ case MULTI_AP_OUI_TYPE:
++ elems->multi_ap = pos;
++ elems->multi_ap_len = elen;
++ break;
+ default:
+ wpa_printf(MSG_MSGDUMP, "Unknown WFA "
+ "information element ignored "
+@@ -1519,6 +1523,26 @@ size_t mbo_add_ie(u8 *buf, size_t len, c
+ }
+
+
++size_t add_multi_ap_ie(u8 *buf, size_t len, u8 value)
++{
++ u8 *pos = buf;
++
++ if (len < 9)
++ return 0;
++
++ *pos++ = WLAN_EID_VENDOR_SPECIFIC;
++ *pos++ = 7; /* len */
++ WPA_PUT_BE24(pos, OUI_WFA);
++ pos += 3;
++ *pos++ = MULTI_AP_OUI_TYPE;
++ *pos++ = MULTI_AP_SUB_ELEM_TYPE;
++ *pos++ = 1; /* len */
++ *pos++ = value;
++
++ return pos - buf;
++}
++
++
+ static const struct country_op_class us_op_class[] = {
+ { 1, 115 },
+ { 2, 118 },
+--- a/src/common/ieee802_11_common.h
++++ b/src/common/ieee802_11_common.h
+@@ -84,6 +84,7 @@ struct ieee802_11_elems {
+ const u8 *power_capab;
+ const u8 *roaming_cons_sel;
+ const u8 *password_id;
++ const u8 *multi_ap;
+
+ u8 ssid_len;
+ u8 supp_rates_len;
+@@ -130,6 +131,7 @@ struct ieee802_11_elems {
+ u8 power_capab_len;
+ u8 roaming_cons_sel_len;
+ u8 password_id_len;
++ u8 multi_ap_len;
+
+ struct mb_ies_info mb_ies;
+ };
+@@ -189,6 +191,8 @@ const u8 * get_ie_ext(const u8 *ies, siz
+
+ size_t mbo_add_ie(u8 *buf, size_t len, const u8 *attr, size_t attr_len);
+
++size_t add_multi_ap_ie(u8 *buf, size_t len, u8 value);
++
+ struct country_op_class {
+ u8 country_op_class;
+ u8 global_op_class;
+--- a/src/common/ieee802_11_defs.h
++++ b/src/common/ieee802_11_defs.h
+@@ -1210,6 +1210,13 @@ struct ieee80211_ampe_ie {
+ #define MBO_OUI_TYPE 22
+ #define OWE_IE_VENDOR_TYPE 0x506f9a1c
+ #define OWE_OUI_TYPE 28
++#define MULTI_AP_OUI_TYPE 0x1B
++
++#define MULTI_AP_SUB_ELEM_TYPE 0x06
++#define MULTI_AP_TEAR_DOWN BIT(4)
++#define MULTI_AP_FRONTHAUL_BSS BIT(5)
++#define MULTI_AP_BACKHAUL_BSS BIT(6)
++#define MULTI_AP_BACKHAUL_STA BIT(7)
+
+ #define WMM_OUI_TYPE 2
+ #define WMM_OUI_SUBTYPE_INFORMATION_ELEMENT 0
diff --git a/package/network/services/hostapd/patches/551-wpa_supplicant-Add-Multi-AP-protocol-support-to-supp.patch b/package/network/services/hostapd/patches/551-wpa_supplicant-Add-Multi-AP-protocol-support-to-supp.patch
new file mode 100644
index 0000000000..5fc41c20e6
--- /dev/null
+++ b/package/network/services/hostapd/patches/551-wpa_supplicant-Add-Multi-AP-protocol-support-to-supp.patch
@@ -0,0 +1,311 @@
+From 5abc7823bd01f69b8afbe1fd19f65fff86137c44 Mon Sep 17 00:00:00 2001
+From: Venkateswara Naralasetty <vnaralas@codeaurora.org>
+Date: Wed, 5 Dec 2018 11:23:53 +0100
+Subject: [PATCH] wpa_supplicant: Add Multi-AP backhaul STA support
+
+Advertise vendor specific Multi-AP IE in (Re)Association Request frames
+and process Multi-AP IE from (Re)Association Response frames if the user
+enables Multi-AP fuctionality. If the (Re)Association Response frame
+does not contain the Multi-AP IE, disassociate.
+
+This adds a new configuration parameter 'multi_ap_backhaul_sta' to
+enable/disable Multi-AP functionality.
+
+Enable 4-address mode after association (if the Association Response
+frame contains the Multi-AP IE). Also enable the bridge in that case.
+This is necessary because wpa_supplicant only enables the bridge in
+wpa_drv_if_add(), which only gets called when an interface is added
+through the control interface, not when it is configured from the
+command line.
+
+Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+ src/drivers/driver.h | 9 ++++++
+ src/drivers/driver_nl80211.c | 44 ++++++++++++++++++++++++++
+ wpa_supplicant/config.c | 1 +
+ wpa_supplicant/config_ssid.h | 7 +++++
+ wpa_supplicant/driver_i.h | 8 +++++
+ wpa_supplicant/events.c | 50 ++++++++++++++++++++++++++++++
+ wpa_supplicant/sme.c | 16 ++++++++++
+ wpa_supplicant/wpa_supplicant.c | 18 +++++++++++
+ wpa_supplicant/wpa_supplicant.conf | 7 +++++
+ wpa_supplicant/wpa_supplicant_i.h | 1 +
+ 10 files changed, 161 insertions(+)
+
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -4100,6 +4100,15 @@ struct wpa_driver_ops {
+ */
+ int (*send_external_auth_status)(void *priv,
+ struct external_auth *params);
++
++ /**
++ * set_4addr_mode - Set 4-address mode
++ * @priv: Private driver interface data
++ * @bridge_ifname: Bridge interface name
++ * @val: 0 - disable 4addr mode, 1 - enable 4addr mode
++ * Returns: 0 on success, < 0 on failure
++ */
++ int (*set_4addr_mode)(void *priv, const char *bridge_ifname, int val);
+ };
+
+ /**
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -10728,6 +10728,49 @@ fail:
+ }
+
+
++static int nl80211_set_4addr_mode(void *priv, const char *bridge_ifname,
++ int val)
++{
++ struct i802_bss *bss = priv;
++ struct wpa_driver_nl80211_data *drv = bss->drv;
++ struct nl_msg *msg;
++ int ret = -ENOBUFS;
++
++ wpa_printf(MSG_DEBUG, "nl80211: %s 4addr mode (bridge_ifname: %s)",
++ val ? "Enable" : "Disable", bridge_ifname);
++
++ msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
++ if (!msg || nla_put_u8(msg, NL80211_ATTR_4ADDR, val))
++ goto fail;
++
++ if (bridge_ifname[0] && bss->added_if_into_bridge && !val) {
++ if (linux_br_del_if(drv->global->ioctl_sock,
++ bridge_ifname, bss->ifname)) {
++ wpa_printf(MSG_ERROR,
++ "nl80211: Failed to remove interface %s from bridge %s",
++ bss->ifname, bridge_ifname);
++ return -1;
++ }
++ bss->added_if_into_bridge = 0;
++ }
++
++ ret = send_and_recv_msgs(drv, msg, NULL, NULL);
++ msg = NULL;
++ if (!ret) {
++ if (bridge_ifname[0] && val &&
++ i802_check_bridge(drv, bss, bridge_ifname, bss->ifname) < 0)
++ return -1;
++ return 0;
++ }
++
++fail:
++ nlmsg_free(msg);
++ wpa_printf(MSG_ERROR, "nl80211: Failed to enable/disable 4addr");
++
++ return ret;
++}
++
++
+ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
+ .name = "nl80211",
+ .desc = "Linux nl80211/cfg80211",
+@@ -10856,4 +10899,5 @@ const struct wpa_driver_ops wpa_driver_n
+ .get_ext_capab = nl80211_get_ext_capab,
+ .update_connect_params = nl80211_update_connection_params,
+ .send_external_auth_status = nl80211_send_external_auth_status,
++ .set_4addr_mode = nl80211_set_4addr_mode,
+ };
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2416,6 +2416,7 @@ static const struct parse_data ssid_fiel
+ #endif /* CONFIG_DPP */
+ { INT_RANGE(owe_group, 0, 65535) },
+ { INT_RANGE(owe_only, 0, 1) },
++ { INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
+ };
+
+ #undef OFFSET
+--- a/wpa_supplicant/config_ssid.h
++++ b/wpa_supplicant/config_ssid.h
+@@ -950,6 +950,13 @@ struct wpa_ssid {
+ * the selection attempts for OWE BSS exceed the configured threshold.
+ */
+ int owe_transition_bss_select_count;
++
++ /**
++ * multi_ap_backhaul_sta - Multi-AP backhaul STA
++ * 0 = normal (non-Multi-AP) station
++ * 1 = Multi-AP backhaul station
++ */
++ int multi_ap_backhaul_sta;
+ };
+
+ #endif /* CONFIG_SSID_H */
+--- a/wpa_supplicant/driver_i.h
++++ b/wpa_supplicant/driver_i.h
+@@ -1046,4 +1046,12 @@ wpa_drv_send_external_auth_status(struct
+ params);
+ }
+
++static inline int wpa_drv_set_4addr_mode(struct wpa_supplicant *wpa_s, int val)
++{
++ if (!wpa_s->driver->set_4addr_mode)
++ return -1;
++ return wpa_s->driver->set_4addr_mode(wpa_s->drv_priv,
++ wpa_s->bridge_ifname, val);
++}
++
+ #endif /* DRIVER_I_H */
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -324,6 +324,9 @@ void wpa_supplicant_mark_disassoc(struct
+ os_memset(wpa_s->last_tk, 0, sizeof(wpa_s->last_tk));
+ #endif /* CONFIG_TESTING_OPTIONS */
+ wpa_s->ieee80211ac = 0;
++
++ if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
++ wpa_s->enabled_4addr_mode = 0;
+ }
+
+
+@@ -2267,6 +2270,50 @@ static void interworking_process_assoc_r
+ #endif /* CONFIG_INTERWORKING */
+
+
++static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
++ const u8 *ies, size_t ies_len)
++{
++ struct ieee802_11_elems elems;
++ const u8 *map_sub_elem, *pos;
++ size_t len;
++
++ if (!wpa_s->current_ssid ||
++ !wpa_s->current_ssid->multi_ap_backhaul_sta ||
++ !ies ||
++ ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed)
++ return;
++
++ if (!elems.multi_ap || elems.multi_ap_len < 7) {
++ wpa_printf(MSG_INFO, "AP doesn't support Multi-AP protocol");
++ goto fail;
++ }
++
++ pos = elems.multi_ap + 4;
++ len = elems.multi_ap_len - 4;
++
++ map_sub_elem = get_ie(pos, len, MULTI_AP_SUB_ELEM_TYPE);
++ if (!map_sub_elem || map_sub_elem[1] < 1) {
++ wpa_printf(MSG_INFO, "invalid Multi-AP sub elem type");
++ goto fail;
++ }
++
++ if (!(map_sub_elem[2] & MULTI_AP_BACKHAUL_BSS)) {
++ wpa_printf(MSG_INFO, "AP doesn't support backhaul BSS");
++ goto fail;
++ }
++
++ if (wpa_drv_set_4addr_mode(wpa_s, 1) < 0) {
++ wpa_printf(MSG_ERROR, "Failed to set 4addr mode");
++ goto fail;
++ }
++ wpa_s->enabled_4addr_mode = 1;
++ return;
++
++fail:
++ wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
++}
++
++
+ #ifdef CONFIG_FST
+ static int wpas_fst_update_mbie(struct wpa_supplicant *wpa_s,
+ const u8 *ie, size_t ie_len)
+@@ -2343,6 +2390,9 @@ static int wpa_supplicant_event_associnf
+ get_ie(data->assoc_info.resp_ies,
+ data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
+ wpa_s->ieee80211ac = 1;
++
++ multi_ap_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
++ data->assoc_info.resp_ies_len);
+ }
+ if (data->assoc_info.beacon_ies)
+ wpa_hexdump(MSG_DEBUG, "beacon_ies",
+--- a/wpa_supplicant/sme.c
++++ b/wpa_supplicant/sme.c
+@@ -1552,6 +1552,22 @@ void sme_associate(struct wpa_supplicant
+ }
+ #endif /* CONFIG_OWE */
+
++ if (wpa_s->current_ssid && wpa_s->current_ssid->multi_ap_backhaul_sta) {
++ size_t multi_ap_ie_len;
++
++ multi_ap_ie_len = add_multi_ap_ie(
++ wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
++ sizeof(wpa_s->sme.assoc_req_ie) -
++ wpa_s->sme.assoc_req_ie_len,
++ MULTI_AP_BACKHAUL_STA);
++ if (multi_ap_ie_len == 0) {
++ wpa_printf(MSG_ERROR,
++ "Multi-AP: Failed to build Multi-AP IE");
++ return;
++ }
++ wpa_s->sme.assoc_req_ie_len += multi_ap_ie_len;
++ }
++
+ params.bssid = bssid;
+ params.ssid = wpa_s->sme.ssid;
+ params.ssid_len = wpa_s->sme.ssid_len;
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -2893,6 +2893,21 @@ static u8 * wpas_populate_assoc_ies(
+ }
+ #endif /* CONFIG_IEEE80211R */
+
++ if (ssid->multi_ap_backhaul_sta) {
++ size_t multi_ap_ie_len;
++
++ multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
++ max_wpa_ie_len - wpa_ie_len,
++ MULTI_AP_BACKHAUL_STA);
++ if (multi_ap_ie_len == 0) {
++ wpa_printf(MSG_ERROR,
++ "Multi-AP: Failed to build Multi-AP IE");
++ os_free(wpa_ie);
++ return NULL;
++ }
++ wpa_ie_len += multi_ap_ie_len;
++ }
++
+ params->wpa_ie = wpa_ie;
+ params->wpa_ie_len = wpa_ie_len;
+ params->auth_alg = algs;
+@@ -3377,6 +3392,9 @@ void wpa_supplicant_deauthenticate(struc
+ zero_addr = 1;
+ }
+
++ if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
++ wpa_s->enabled_4addr_mode = 0;
++
+ #ifdef CONFIG_TDLS
+ wpa_tdls_teardown_peers(wpa_s->wpa);
+ #endif /* CONFIG_TDLS */
+--- a/wpa_supplicant/wpa_supplicant.conf
++++ b/wpa_supplicant/wpa_supplicant.conf
+@@ -1399,6 +1399,13 @@ fast_reauth=1
+ # 2: MCS 0-9
+ # 3: not supported
+
++# multi_ap_backhaul_sta: Multi-AP backhaul STA functionality
++# 0 = normal STA (default)
++# 1 = backhaul STA
++# A backhaul STA sends the Multi-AP IE, fails to associate if the AP does not
++# support Multi-AP, and sets 4-address mode if it does. Thus, the netdev can be
++# added to a bridge to allow forwarding frames over this backhaul link.
++
+ ##### Fast Session Transfer (FST) support #####################################
+ #
+ # The options in this section are only available when the build configuration
+--- a/wpa_supplicant/wpa_supplicant_i.h
++++ b/wpa_supplicant/wpa_supplicant_i.h
+@@ -1242,6 +1242,7 @@ struct wpa_supplicant {
+ unsigned int disable_fils:1;
+ #endif /* CONFIG_FILS */
+ unsigned int ieee80211ac:1;
++ unsigned int enabled_4addr_mode:1;
+ };
+
+
diff --git a/package/network/services/hostapd/patches/552-tests-Multi-AP-association.patch b/package/network/services/hostapd/patches/552-tests-Multi-AP-association.patch
new file mode 100644
index 0000000000..1f3aed92bd
--- /dev/null
+++ b/package/network/services/hostapd/patches/552-tests-Multi-AP-association.patch
@@ -0,0 +1,100 @@
+From 7488e0ade6dffb6df4c1fb6526a9f3ede0eb18ef Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Thu, 20 Dec 2018 12:41:00 +0200
+Subject: [PATCH] tests: Multi-AP association
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ tests/hwsim/test_multi_ap.py | 73 ++++++++++++++++++++++++++++++++++++
+ tests/hwsim/wpasupplicant.py | 3 +-
+ 2 files changed, 75 insertions(+), 1 deletion(-)
+ create mode 100644 tests/hwsim/test_multi_ap.py
+
+--- /dev/null
++++ b/tests/hwsim/test_multi_ap.py
+@@ -0,0 +1,73 @@
++# Test cases for Multi-AP
++# Copyright (c) 2018, The Linux Foundation
++#
++# This software may be distributed under the terms of the BSD license.
++# See README for more details.
++
++import hostapd
++
++def test_multi_ap_association(dev, apdev):
++ """Multi-AP association in backhaul BSS"""
++ run_multi_ap_association(dev, apdev, 1)
++ dev[1].connect("multi-ap", psk="12345678", scan_freq="2412",
++ wait_connect=False)
++ ev = dev[1].wait_event([ "CTRL-EVENT-DISCONNECTED",
++ "CTRL-EVENT-CONNECTED",
++ "CTRL-EVENT-ASSOC-REJECT" ],
++ timeout=5)
++ dev[1].request("DISCONNECT")
++ if ev is None:
++ raise Exception("Connection result not reported")
++ if "CTRL-EVENT-ASSOC-REJECT" not in ev:
++ raise Exception("Association rejection not reported")
++ if "status_code=12" not in ev:
++ raise Exception("Unexpected association status code: " + ev)
++
++def test_multi_ap_association_shared_bss(dev, apdev):
++ """Multi-AP association in backhaul BSS (with fronthaul BSS enabled)"""
++ run_multi_ap_association(dev, apdev, 3)
++ dev[1].connect("multi-ap", psk="12345678", scan_freq="2412")
++
++def run_multi_ap_association(dev, apdev, multi_ap):
++ params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
++ params["multi_ap"] = str(multi_ap)
++ hapd = hostapd.add_ap(apdev[0], params)
++
++ dev[0].connect("multi-ap", psk="12345678", multi_ap_backhaul_sta="1",
++ scan_freq="2412")
++
++def test_multi_ap_disabled_on_ap(dev, apdev):
++ """Multi-AP association attempt when disabled on AP"""
++ params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
++ hapd = hostapd.add_ap(apdev[0], params)
++
++ dev[0].connect("multi-ap", psk="12345678", multi_ap_backhaul_sta="1",
++ scan_freq="2412", wait_connect=False)
++ ev = dev[0].wait_event([ "CTRL-EVENT-DISCONNECTED",
++ "CTRL-EVENT-CONNECTED" ],
++ timeout=5)
++ dev[0].request("DISCONNECT")
++ if ev is None:
++ raise Exception("Connection result not reported")
++ if "CTRL-EVENT-DISCONNECTED" not in ev:
++ raise Exception("Unexpected connection result")
++
++def test_multi_ap_fronthaul_on_ap(dev, apdev):
++ """Multi-AP association attempt when only fronthaul BSS on AP"""
++ params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
++ params["multi_ap"] = "2"
++ hapd = hostapd.add_ap(apdev[0], params)
++
++ dev[0].connect("multi-ap", psk="12345678", multi_ap_backhaul_sta="1",
++ scan_freq="2412", wait_connect=False)
++ ev = dev[0].wait_event([ "CTRL-EVENT-DISCONNECTED",
++ "CTRL-EVENT-CONNECTED",
++ "CTRL-EVENT-ASSOC-REJECT" ],
++ timeout=5)
++ dev[0].request("DISCONNECT")
++ if ev is None:
++ raise Exception("Connection result not reported")
++ if "CTRL-EVENT-ASSOC-REJECT" not in ev:
++ raise Exception("Association rejection not reported")
++ if "status_code=12" not in ev:
++ raise Exception("Unexpected association status code: " + ev)
+--- a/tests/hwsim/wpasupplicant.py
++++ b/tests/hwsim/wpasupplicant.py
+@@ -1031,7 +1031,8 @@ class WpaSupplicant:
+ "dpp_csign", "dpp_csign_expiry",
+ "dpp_netaccesskey", "dpp_netaccesskey_expiry",
+ "group_mgmt", "owe_group",
+- "roaming_consortium_selection" ]
++ "roaming_consortium_selection", "multi_ap_backhaul_sta" ]
++
+ for field in not_quoted:
+ if field in kwargs and kwargs[field]:
+ self.set_network(id, field, kwargs[field])
diff --git a/package/network/services/hostapd/patches/553-tests-refactor-test_multi_ap.patch b/package/network/services/hostapd/patches/553-tests-refactor-test_multi_ap.patch
new file mode 100644
index 0000000000..240407fd1c
--- /dev/null
+++ b/package/network/services/hostapd/patches/553-tests-refactor-test_multi_ap.patch
@@ -0,0 +1,72 @@
+From 0f5029ff41ef286aa7b3e4a3efd3f1a16be925e8 Mon Sep 17 00:00:00 2001
+From: "Arnout Vandecappelle (Essensium/Mind)" <arnout@mind.be>
+Date: Wed, 9 Jan 2019 18:41:08 +0100
+Subject: [PATCH] tests: refactor test_multi_ap
+
+With just one additional argument, the run_multi_ap_association function
+can be used for all tests.
+
+While we're at it, also move it to the top of the file.
+
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+v4: new patch
+---
+ tests/hwsim/test_multi_ap.py | 30 +++++++++++-------------------
+ 1 file changed, 11 insertions(+), 19 deletions(-)
+
+--- a/tests/hwsim/test_multi_ap.py
++++ b/tests/hwsim/test_multi_ap.py
+@@ -6,6 +6,15 @@
+
+ import hostapd
+
++def run_multi_ap_association(dev, apdev, multi_ap, wait_connect=True):
++ params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
++ if multi_ap:
++ params["multi_ap"] = str(multi_ap)
++ hapd = hostapd.add_ap(apdev[0], params)
++
++ dev[0].connect("multi-ap", psk="12345678", scan_freq="2412",
++ multi_ap_backhaul_sta="1", wait_connect=wait_connect)
++
+ def test_multi_ap_association(dev, apdev):
+ """Multi-AP association in backhaul BSS"""
+ run_multi_ap_association(dev, apdev, 1)
+@@ -28,21 +37,9 @@ def test_multi_ap_association_shared_bss
+ run_multi_ap_association(dev, apdev, 3)
+ dev[1].connect("multi-ap", psk="12345678", scan_freq="2412")
+
+-def run_multi_ap_association(dev, apdev, multi_ap):
+- params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
+- params["multi_ap"] = str(multi_ap)
+- hapd = hostapd.add_ap(apdev[0], params)
+-
+- dev[0].connect("multi-ap", psk="12345678", multi_ap_backhaul_sta="1",
+- scan_freq="2412")
+-
+ def test_multi_ap_disabled_on_ap(dev, apdev):
+ """Multi-AP association attempt when disabled on AP"""
+- params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
+- hapd = hostapd.add_ap(apdev[0], params)
+-
+- dev[0].connect("multi-ap", psk="12345678", multi_ap_backhaul_sta="1",
+- scan_freq="2412", wait_connect=False)
++ run_multi_ap_association(dev, apdev, 0, wait_connect=False)
+ ev = dev[0].wait_event([ "CTRL-EVENT-DISCONNECTED",
+ "CTRL-EVENT-CONNECTED" ],
+ timeout=5)
+@@ -54,12 +51,7 @@ def test_multi_ap_disabled_on_ap(dev, ap
+
+ def test_multi_ap_fronthaul_on_ap(dev, apdev):
+ """Multi-AP association attempt when only fronthaul BSS on AP"""
+- params = hostapd.wpa2_params(ssid="multi-ap", passphrase="12345678")
+- params["multi_ap"] = "2"
+- hapd = hostapd.add_ap(apdev[0], params)
+-
+- dev[0].connect("multi-ap", psk="12345678", multi_ap_backhaul_sta="1",
+- scan_freq="2412", wait_connect=False)
++ run_multi_ap_association(dev, apdev, 2, wait_connect=False)
+ ev = dev[0].wait_event([ "CTRL-EVENT-DISCONNECTED",
+ "CTRL-EVENT-CONNECTED",
+ "CTRL-EVENT-ASSOC-REJECT" ],
diff --git a/package/network/services/hostapd/patches/554-multi_ap-don-t-reject-backhaul-STA-on-fronhaul-BSS.patch b/package/network/services/hostapd/patches/554-multi_ap-don-t-reject-backhaul-STA-on-fronhaul-BSS.patch
new file mode 100644
index 0000000000..6c30a1793e
--- /dev/null
+++ b/package/network/services/hostapd/patches/554-multi_ap-don-t-reject-backhaul-STA-on-fronhaul-BSS.patch
@@ -0,0 +1,106 @@
+From 71b061b8a13791a1ed858d924e401541c8584030 Mon Sep 17 00:00:00 2001
+From: "Arnout Vandecappelle (Essensium/Mind)" <arnout@mind.be>
+Date: Wed, 9 Jan 2019 19:08:00 +0100
+Subject: [PATCH] multi_ap: don't reject backhaul STA on fronhaul BSS
+
+The Multi-AP specification only specifies that information elements have
+to be added to the association requests and responses; it doesn't
+specify anything about what should be done in case they are missing.
+Currently, we reject non-backhaul associations on a backhaul-only BSS,
+and non-fronthaul associations on a fronthaul-only BSS.
+
+However, this makes WPS fail when fronthaul and backhaul are separate
+SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul*
+SSID. Thus, the association request used for WPS *will* contain the
+Multi-AP IE indicating a backhaul STA. Rejecting that association makes
+WPS fail.
+
+Therefore, accept a multi-AP backhaul STA association request on a
+fronthaul-only BSS. Still issue a warning about it, but only at level
+DEBUG intead of INFO. Also change the condition checking to make it
+clearer.
+
+While we're at it, also fix the handling of unexpected bits in the
+Multi-AP IE. 4 bits are reserved in the specification, so these
+certainly have to be ignored. The specification also doesn't say that
+setting one of the other bits is not allowed. Therefore, only report
+unexpected values in the Multi-AP IE, don't reject because of it.
+Note that a malformed IE (containing more than one byte) still triggers
+a rejection.
+
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+v4: new patch
+
+Cfr. discussion on http://lists.infradead.org/pipermail/hostap/2019-January/039232.html
+and follow-ups.
+---
+ src/ap/ieee802_11.c | 38 +++++++++++++++++++-----------------
+ tests/hwsim/test_multi_ap.py | 6 ++----
+ 2 files changed, 22 insertions(+), 22 deletions(-)
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -2253,28 +2253,30 @@ static u16 check_multi_ap(struct hostapd
+ }
+ }
+
+- if (multi_ap_value == MULTI_AP_BACKHAUL_STA)
+- sta->flags |= WLAN_STA_MULTI_AP;
+-
+- if ((hapd->conf->multi_ap & BACKHAUL_BSS) &&
+- multi_ap_value == MULTI_AP_BACKHAUL_STA)
+- return WLAN_STATUS_SUCCESS;
+-
+- if (hapd->conf->multi_ap & FRONTHAUL_BSS) {
+- if (multi_ap_value == MULTI_AP_BACKHAUL_STA) {
+- hostapd_logger(hapd, sta->addr,
+- HOSTAPD_MODULE_IEEE80211,
+- HOSTAPD_LEVEL_INFO,
+- "Backhaul STA tries to associate with fronthaul-only BSS");
+- return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
+- }
+- return WLAN_STATUS_SUCCESS;
++ if (multi_ap_value && multi_ap_value != MULTI_AP_BACKHAUL_STA)
++ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
++ HOSTAPD_LEVEL_INFO,
++ "Multi-AP IE with unexpected value 0x%02x",
++ multi_ap_value);
++
++ if (!(multi_ap_value & MULTI_AP_BACKHAUL_STA)) {
++ if (hapd->conf->multi_ap & FRONTHAUL_BSS)
++ return WLAN_STATUS_SUCCESS;
++
++ hostapd_logger(hapd, sta->addr,
++ HOSTAPD_MODULE_IEEE80211,
++ HOSTAPD_LEVEL_INFO,
++ "Non-Multi-AP STA tries to associate with backhaul-only BSS");
++ return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
+ }
+
+- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+- HOSTAPD_LEVEL_INFO,
+- "Non-Multi-AP STA tries to associate with backhaul-only BSS");
+- return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
++ if (!(hapd->conf->multi_ap & BACKHAUL_BSS))
++ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
++ HOSTAPD_LEVEL_DEBUG,
++ "Backhaul STA tries to associate with fronthaul-only BSS");
++
++ sta->flags |= WLAN_STA_MULTI_AP;
++ return WLAN_STATUS_SUCCESS;
+ }
+
+
+--- a/tests/hwsim/test_multi_ap.py
++++ b/tests/hwsim/test_multi_ap.py
+@@ -59,7 +59,5 @@ def test_multi_ap_fronthaul_on_ap(dev, a
+ dev[0].request("DISCONNECT")
+ if ev is None:
+ raise Exception("Connection result not reported")
+- if "CTRL-EVENT-ASSOC-REJECT" not in ev:
+- raise Exception("Association rejection not reported")
+- if "status_code=12" not in ev:
+- raise Exception("Unexpected association status code: " + ev)
++ if "CTRL-EVENT-DISCONNECTED" not in ev:
++ raise Exception("Unexpected connection result")
diff --git a/package/network/services/hostapd/patches/555-WPS-wps_build_wfa_ext-add-multi_ap_subelem-parameter.patch b/package/network/services/hostapd/patches/555-WPS-wps_build_wfa_ext-add-multi_ap_subelem-parameter.patch
new file mode 100644
index 0000000000..2a1dc76ac1
--- /dev/null
+++ b/package/network/services/hostapd/patches/555-WPS-wps_build_wfa_ext-add-multi_ap_subelem-parameter.patch
@@ -0,0 +1,342 @@
+From ad3c6faca118c23cdafef418dc27b3cee7d0e06e Mon Sep 17 00:00:00 2001
+From: "Arnout Vandecappelle (Essensium/Mind)" <arnout@mind.be>
+Date: Wed, 9 Jan 2019 19:19:26 +0100
+Subject: [PATCH] WPS: wps_build_wfa_ext(): add multi_ap_subelem parameter
+
+The Multi-AP specification adds a new subelement to the WFA extension
+element in the WPS exchange. Add an additional parameter to
+wps_build_wfa_ext() to add this subelement. The subelement is only added
+if the parameter is non-0. Note that we don't reuse the existing
+MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new
+WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types remains
+complete.
+
+For now, all callers set the multi_ap_subelem parameter to 0.
+
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+v4: Split off from supplicant WPS patch
+
+Since the original patch from Davina Lyu didn't have this extra
+argument, I kept myself as the author of this patch.
+---
+ src/p2p/p2p_build.c | 2 +-
+ src/wps/wps.c | 6 +++---
+ src/wps/wps_attr_build.c | 11 ++++++++++-
+ src/wps/wps_common.c | 16 ++++++++--------
+ src/wps/wps_defs.h | 3 ++-
+ src/wps/wps_enrollee.c | 10 +++++-----
+ src/wps/wps_er.c | 4 ++--
+ src/wps/wps_i.h | 3 ++-
+ src/wps/wps_registrar.c | 14 +++++++-------
+ src/wps/wps_upnp.c | 2 +-
+ 10 files changed, 41 insertions(+), 30 deletions(-)
+
+--- a/src/p2p/p2p_build.c
++++ b/src/p2p/p2p_build.c
+@@ -802,7 +802,7 @@ int p2p_build_wps_ie(struct p2p_data *p2
+ wpabuf_put_be16(buf, p2p->cfg->config_methods);
+ }
+
+- if (wps_build_wfa_ext(buf, 0, NULL, 0) < 0)
++ if (wps_build_wfa_ext(buf, 0, NULL, 0, 0) < 0)
+ return -1;
+
+ if (all_attr && p2p->cfg->num_sec_dev_types) {
+--- a/src/wps/wps.c
++++ b/src/wps/wps.c
+@@ -430,7 +430,7 @@ struct wpabuf * wps_build_assoc_req_ie(e
+
+ if (wps_build_version(ie) ||
+ wps_build_req_type(ie, req_type) ||
+- wps_build_wfa_ext(ie, 0, NULL, 0)) {
++ wps_build_wfa_ext(ie, 0, NULL, 0, 0)) {
+ wpabuf_free(ie);
+ return NULL;
+ }
+@@ -464,7 +464,7 @@ struct wpabuf * wps_build_assoc_resp_ie(
+
+ if (wps_build_version(ie) ||
+ wps_build_resp_type(ie, WPS_RESP_AP) ||
+- wps_build_wfa_ext(ie, 0, NULL, 0)) {
++ wps_build_wfa_ext(ie, 0, NULL, 0, 0)) {
+ wpabuf_free(ie);
+ return NULL;
+ }
+@@ -516,7 +516,7 @@ struct wpabuf * wps_build_probe_req_ie(u
+ wps_build_model_name(dev, ie) ||
+ wps_build_model_number(dev, ie) ||
+ wps_build_dev_name(dev, ie) ||
+- wps_build_wfa_ext(ie, req_type == WPS_REQ_ENROLLEE, NULL, 0) ||
++ wps_build_wfa_ext(ie, req_type == WPS_REQ_ENROLLEE, NULL, 0, 0) ||
+ wps_build_req_dev_type(dev, ie, num_req_dev_types, req_dev_types)
+ ||
+ wps_build_secondary_dev_type(dev, ie)
+--- a/src/wps/wps_attr_build.c
++++ b/src/wps/wps_attr_build.c
+@@ -203,7 +203,8 @@ int wps_build_version(struct wpabuf *msg
+
+
+ int wps_build_wfa_ext(struct wpabuf *msg, int req_to_enroll,
+- const u8 *auth_macs, size_t auth_macs_count)
++ const u8 *auth_macs, size_t auth_macs_count,
++ u8 multi_ap_subelem)
+ {
+ u8 *len;
+
+@@ -244,6 +245,14 @@ int wps_build_wfa_ext(struct wpabuf *msg
+ MAC2STR(&auth_macs[i * ETH_ALEN]));
+ }
+
++ if (multi_ap_subelem) {
++ wpa_printf(MSG_DEBUG, "WPS: * Multi-AP (0x%x)",
++ multi_ap_subelem);
++ wpabuf_put_u8(msg, WFA_ELEM_MULTI_AP);
++ wpabuf_put_u8(msg, 1); /* length */
++ wpabuf_put_u8(msg, multi_ap_subelem);
++ }
++
+ WPA_PUT_BE16(len, (u8 *) wpabuf_put(msg, 0) - len - 2);
+
+ #ifdef CONFIG_WPS_TESTING
+--- a/src/wps/wps_common.c
++++ b/src/wps/wps_common.c
+@@ -374,7 +374,7 @@ struct wpabuf * wps_get_oob_cred(struct
+ (rf_band && wps_build_rf_bands_attr(plain, rf_band)) ||
+ (channel && wps_build_ap_channel(plain, channel)) ||
+ wps_build_mac_addr(plain, wps->dev.mac_addr) ||
+- wps_build_wfa_ext(plain, 0, NULL, 0)) {
++ wps_build_wfa_ext(plain, 0, NULL, 0, 0)) {
+ os_free(data.new_psk);
+ wpabuf_clear_free(plain);
+ return NULL;
+@@ -421,7 +421,7 @@ struct wpabuf * wps_build_nfc_pw_token(u
+
+ if (wps_build_oob_dev_pw(data, dev_pw_id, pubkey,
+ wpabuf_head(dev_pw), wpabuf_len(dev_pw)) ||
+- wps_build_wfa_ext(data, 0, NULL, 0)) {
++ wps_build_wfa_ext(data, 0, NULL, 0, 0)) {
+ wpa_printf(MSG_ERROR, "WPS: Failed to build NFC password "
+ "token");
+ wpabuf_clear_free(data);
+@@ -586,7 +586,7 @@ struct wpabuf * wps_build_wsc_ack(struct
+ wps_build_msg_type(msg, WPS_WSC_ACK) ||
+ wps_build_enrollee_nonce(wps, msg) ||
+ wps_build_registrar_nonce(wps, msg) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+@@ -610,7 +610,7 @@ struct wpabuf * wps_build_wsc_nack(struc
+ wps_build_enrollee_nonce(wps, msg) ||
+ wps_build_registrar_nonce(wps, msg) ||
+ wps_build_config_error(msg, wps->config_error) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+@@ -726,7 +726,7 @@ struct wpabuf * wps_build_nfc_handover_r
+ if (wps_build_oob_dev_pw(msg, DEV_PW_NFC_CONNECTION_HANDOVER,
+ nfc_dh_pubkey, NULL, 0) ||
+ wps_build_uuid_e(msg, ctx->uuid) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+@@ -809,7 +809,7 @@ struct wpabuf * wps_build_nfc_handover_s
+ wps_build_ssid(msg, ctx) ||
+ wps_build_ap_freq(msg, freq) ||
+ (bssid && wps_build_mac_addr(msg, bssid)) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+@@ -848,7 +848,7 @@ struct wpabuf * wps_build_nfc_handover_r
+ wps_build_rf_bands(&ctx->dev, msg, 0) ||
+ wps_build_serial_number(&ctx->dev, msg) ||
+ wps_build_uuid_e(msg, ctx->uuid) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+@@ -900,7 +900,7 @@ struct wpabuf * wps_build_nfc_handover_s
+ wps_build_rf_bands(&ctx->dev, msg, 0) ||
+ wps_build_serial_number(&ctx->dev, msg) ||
+ wps_build_uuid_e(msg, ctx->uuid) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+--- a/src/wps/wps_defs.h
++++ b/src/wps/wps_defs.h
+@@ -152,7 +152,8 @@ enum {
+ WFA_ELEM_NETWORK_KEY_SHAREABLE = 0x02,
+ WFA_ELEM_REQUEST_TO_ENROLL = 0x03,
+ WFA_ELEM_SETTINGS_DELAY_TIME = 0x04,
+- WFA_ELEM_REGISTRAR_CONFIGURATION_METHODS = 0x05
++ WFA_ELEM_REGISTRAR_CONFIGURATION_METHODS = 0x05,
++ WFA_ELEM_MULTI_AP = 0x06
+ };
+
+ /* Device Password ID */
+--- a/src/wps/wps_enrollee.c
++++ b/src/wps/wps_enrollee.c
+@@ -152,7 +152,7 @@ static struct wpabuf * wps_build_m1(stru
+ wps_build_dev_password_id(msg, wps->dev_pw_id) ||
+ wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
+ wps_build_os_version(&wps->wps->dev, msg) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
+ wps_build_vendor_ext_m1(&wps->wps->dev, msg)) {
+ wpabuf_free(msg);
+ return NULL;
+@@ -190,7 +190,7 @@ static struct wpabuf * wps_build_m3(stru
+ wps_build_msg_type(msg, WPS_M3) ||
+ wps_build_registrar_nonce(wps, msg) ||
+ wps_build_e_hash(wps, msg) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
+ wps_build_authenticator(wps, msg)) {
+ wpabuf_free(msg);
+ return NULL;
+@@ -223,7 +223,7 @@ static struct wpabuf * wps_build_m5(stru
+ wps_build_e_snonce1(wps, plain) ||
+ wps_build_key_wrap_auth(wps, plain) ||
+ wps_build_encr_settings(wps, msg, plain) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
+ wps_build_authenticator(wps, msg)) {
+ wpabuf_clear_free(plain);
+ wpabuf_free(msg);
+@@ -393,7 +393,7 @@ static struct wpabuf * wps_build_m7(stru
+ (wps->wps->ap && wps_build_ap_settings(wps, plain)) ||
+ wps_build_key_wrap_auth(wps, plain) ||
+ wps_build_encr_settings(wps, msg, plain) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
+ wps_build_authenticator(wps, msg)) {
+ wpabuf_clear_free(plain);
+ wpabuf_free(msg);
+@@ -430,7 +430,7 @@ static struct wpabuf * wps_build_wsc_don
+ wps_build_msg_type(msg, WPS_WSC_DONE) ||
+ wps_build_enrollee_nonce(wps, msg) ||
+ wps_build_registrar_nonce(wps, msg) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+--- a/src/wps/wps_er.c
++++ b/src/wps/wps_er.c
+@@ -1530,7 +1530,7 @@ void wps_er_set_sel_reg(struct wps_er *e
+ wps_er_build_selected_registrar(msg, sel_reg) ||
+ wps_er_build_dev_password_id(msg, dev_passwd_id) ||
+ wps_er_build_sel_reg_config_methods(msg, sel_reg_config_methods) ||
+- wps_build_wfa_ext(msg, 0, auth_macs, count) ||
++ wps_build_wfa_ext(msg, 0, auth_macs, count, 0) ||
+ wps_er_build_uuid_r(msg, er->wps->uuid)) {
+ wpabuf_free(msg);
+ return;
+@@ -2048,7 +2048,7 @@ struct wpabuf * wps_er_config_token_from
+ data.wps = wps;
+ data.use_cred = cred;
+ if (wps_build_cred(&data, ret) ||
+- wps_build_wfa_ext(ret, 0, NULL, 0)) {
++ wps_build_wfa_ext(ret, 0, NULL, 0, 0)) {
+ wpabuf_free(ret);
+ return NULL;
+ }
+--- a/src/wps/wps_i.h
++++ b/src/wps/wps_i.h
+@@ -163,7 +163,8 @@ int wps_build_encr_settings(struct wps_d
+ struct wpabuf *plain);
+ int wps_build_version(struct wpabuf *msg);
+ int wps_build_wfa_ext(struct wpabuf *msg, int req_to_enroll,
+- const u8 *auth_macs, size_t auth_macs_count);
++ const u8 *auth_macs, size_t auth_macs_count,
++ u8 multi_ap_subelem);
+ int wps_build_msg_type(struct wpabuf *msg, enum wps_msg_type msg_type);
+ int wps_build_enrollee_nonce(struct wps_data *wps, struct wpabuf *msg);
+ int wps_build_registrar_nonce(struct wps_data *wps, struct wpabuf *msg);
+--- a/src/wps/wps_registrar.c
++++ b/src/wps/wps_registrar.c
+@@ -1281,7 +1281,7 @@ static int wps_set_ie(struct wps_registr
+ wps_build_sel_reg_config_methods(reg, beacon) ||
+ wps_build_sel_pbc_reg_uuid_e(reg, beacon) ||
+ (reg->dualband && wps_build_rf_bands(&reg->wps->dev, beacon, 0)) ||
+- wps_build_wfa_ext(beacon, 0, auth_macs, count) ||
++ wps_build_wfa_ext(beacon, 0, auth_macs, count, 0) ||
+ wps_build_vendor_ext(&reg->wps->dev, beacon)) {
+ wpabuf_free(beacon);
+ wpabuf_free(probe);
+@@ -1311,7 +1311,7 @@ static int wps_set_ie(struct wps_registr
+ wps_build_device_attrs(&reg->wps->dev, probe) ||
+ wps_build_probe_config_methods(reg, probe) ||
+ (reg->dualband && wps_build_rf_bands(&reg->wps->dev, probe, 0)) ||
+- wps_build_wfa_ext(probe, 0, auth_macs, count) ||
++ wps_build_wfa_ext(probe, 0, auth_macs, count, 0) ||
+ wps_build_vendor_ext(&reg->wps->dev, probe)) {
+ wpabuf_free(beacon);
+ wpabuf_free(probe);
+@@ -1845,7 +1845,7 @@ static struct wpabuf * wps_build_m2(stru
+ wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
+ wps_build_dev_password_id(msg, wps->dev_pw_id) ||
+ wps_build_os_version(&wps->wps->dev, msg) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+@@ -1913,7 +1913,7 @@ static struct wpabuf * wps_build_m2d(str
+ wps_build_assoc_state(wps, msg) ||
+ wps_build_config_error(msg, err) ||
+ wps_build_os_version(&wps->wps->dev, msg) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+@@ -1949,7 +1949,7 @@ static struct wpabuf * wps_build_m4(stru
+ wps_build_r_snonce1(wps, plain) ||
+ wps_build_key_wrap_auth(wps, plain) ||
+ wps_build_encr_settings(wps, msg, plain) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
+ wps_build_authenticator(wps, msg)) {
+ wpabuf_clear_free(plain);
+ wpabuf_free(msg);
+@@ -1984,7 +1984,7 @@ static struct wpabuf * wps_build_m6(stru
+ wps_build_r_snonce2(wps, plain) ||
+ wps_build_key_wrap_auth(wps, plain) ||
+ wps_build_encr_settings(wps, msg, plain) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
+ wps_build_authenticator(wps, msg)) {
+ wpabuf_clear_free(plain);
+ wpabuf_free(msg);
+@@ -2021,7 +2021,7 @@ static struct wpabuf * wps_build_m8(stru
+ (!wps->wps->ap && !wps->er && wps_build_ap_settings(wps, plain)) ||
+ wps_build_key_wrap_auth(wps, plain) ||
+ wps_build_encr_settings(wps, msg, plain) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
+ wps_build_authenticator(wps, msg)) {
+ wpabuf_clear_free(plain);
+ wpabuf_clear_free(msg);
+--- a/src/wps/wps_upnp.c
++++ b/src/wps/wps_upnp.c
+@@ -599,7 +599,7 @@ static struct wpabuf * build_fake_wsc_ac
+ wpabuf_put_be16(msg, ATTR_REGISTRAR_NONCE);
+ wpabuf_put_be16(msg, WPS_NONCE_LEN);
+ wpabuf_put(msg, WPS_NONCE_LEN);
+- if (wps_build_wfa_ext(msg, 0, NULL, 0)) {
++ if (wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
diff --git a/package/network/services/hostapd/patches/556-wpa_supplicant-support-Multi-AP-backhaul-STA-onboard.patch b/package/network/services/hostapd/patches/556-wpa_supplicant-support-Multi-AP-backhaul-STA-onboard.patch
new file mode 100644
index 0000000000..11c65c71a0
--- /dev/null
+++ b/package/network/services/hostapd/patches/556-wpa_supplicant-support-Multi-AP-backhaul-STA-onboard.patch
@@ -0,0 +1,217 @@
+From 6c4c98db9420a3321bbf091cfc254de5eba4b404 Mon Sep 17 00:00:00 2001
+From: Davina Lu <ylu@quantenna.com>
+Date: Tue, 15 Jan 2019 19:17:51 +0100
+Subject: [PATCH] wpa_supplicant: support Multi-AP backhaul STA onboarding
+
+The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
+backhaul STA through WPS. To enable this, the backhaul STA needs to add
+a Multi-AP IE to the WFA vendor extension element in the WSC M1 message
+that indicates it supports the Multi-AP backhaul STA role. The registrar
+(if it support Multi-AP onboarding) will respond to that with a WSC M8
+message that also contains the Multi-AP IE, and that contains the
+credentials for the backhaul SSID (which may be different from the SSID
+on which WPS is performed).
+
+Introduce a new parameter to wpas_wps_start_pbc() and allow it to be
+set via control interface's new multi_ap=1 parameter of WPS_PBC call.
+multi_ap_backhaul_sta is set to 1 in the automatically created SSID.
+Thus, if the AP does not support Multi-AP, association will fail and
+WPS will be terminated.
+
+Only wps_pbc is supported.
+
+The multi_ap argument is only added to the socket interface, not to the
+dbus interface.
+
+Signed-off-by: Davina Lu <ylu@quantenna.com>
+Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+v4: use argument to wps_pbc instead of a global configuration option
+ (requested by Jouni)
+---
+ src/eap_peer/eap_wsc.c | 3 +++
+ src/wps/wps.h | 6 ++++++
+ src/wps/wps_enrollee.c | 6 +++++-
+ wpa_supplicant/ctrl_iface.c | 5 ++++-
+ wpa_supplicant/dbus/dbus_new_handlers_wps.c | 2 +-
+ wpa_supplicant/dbus/dbus_old_handlers_wps.c | 4 ++--
+ wpa_supplicant/events.c | 2 +-
+ wpa_supplicant/p2p_supplicant.c | 2 +-
+ wpa_supplicant/wps_supplicant.c | 9 +++++++--
+ wpa_supplicant/wps_supplicant.h | 2 +-
+ 10 files changed, 31 insertions(+), 10 deletions(-)
+
+--- a/src/eap_peer/eap_wsc.c
++++ b/src/eap_peer/eap_wsc.c
+@@ -274,6 +274,9 @@ static void * eap_wsc_init(struct eap_sm
+ cfg.pin, cfg.pin_len, 0);
+ }
+
++ if (os_strstr(phase1, "multi_ap=1"))
++ wps->multi_ap_backhaul_sta = 1;
++
+ /* Use reduced client timeout for WPS to avoid long wait */
+ if (sm->ClientTimeout > 30)
+ sm->ClientTimeout = 30;
+--- a/src/wps/wps.h
++++ b/src/wps/wps.h
+@@ -613,6 +613,12 @@ struct wps_context {
+ int ap_setup_locked;
+
+ /**
++ * multi_ap_backhaul_sta - Whether this is a Multi-AP backhaul STA
++ * enrollee
++ */
++ int multi_ap_backhaul_sta;
++
++ /**
+ * uuid - Own UUID
+ */
+ u8 uuid[16];
+--- a/src/wps/wps_enrollee.c
++++ b/src/wps/wps_enrollee.c
+@@ -105,6 +105,7 @@ static struct wpabuf * wps_build_m1(stru
+ {
+ struct wpabuf *msg;
+ u16 config_methods;
++ u8 multi_ap_backhaul_sta = 0;
+
+ if (random_get_bytes(wps->nonce_e, WPS_NONCE_LEN) < 0)
+ return NULL;
+@@ -134,6 +135,9 @@ static struct wpabuf * wps_build_m1(stru
+ WPS_CONFIG_PHY_PUSHBUTTON);
+ }
+
++ if (wps->wps->multi_ap_backhaul_sta)
++ multi_ap_backhaul_sta = MULTI_AP_BACKHAUL_STA;
++
+ if (wps_build_version(msg) ||
+ wps_build_msg_type(msg, WPS_M1) ||
+ wps_build_uuid_e(msg, wps->uuid_e) ||
+@@ -152,7 +156,7 @@ static struct wpabuf * wps_build_m1(stru
+ wps_build_dev_password_id(msg, wps->dev_pw_id) ||
+ wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
+ wps_build_os_version(&wps->wps->dev, msg) ||
+- wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
++ wps_build_wfa_ext(msg, 0, NULL, 0, multi_ap_backhaul_sta) ||
+ wps_build_vendor_ext_m1(&wps->wps->dev, msg)) {
+ wpabuf_free(msg);
+ return NULL;
+--- a/wpa_supplicant/ctrl_iface.c
++++ b/wpa_supplicant/ctrl_iface.c
+@@ -1167,6 +1167,7 @@ static int wpa_supplicant_ctrl_iface_wps
+ #ifdef CONFIG_AP
+ u8 *_p2p_dev_addr = NULL;
+ #endif /* CONFIG_AP */
++ int multi_ap = 0;
+
+ if (cmd == NULL || os_strcmp(cmd, "any") == 0) {
+ _bssid = NULL;
+@@ -1184,6 +1185,8 @@ static int wpa_supplicant_ctrl_iface_wps
+ wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PBC: invalid BSSID '%s'",
+ cmd);
+ return -1;
++ } else if (os_strncmp(cmd, "multi_ap=", 9) == 0) {
++ multi_ap = atoi(cmd + 9);
+ }
+
+ #ifdef CONFIG_AP
+@@ -1191,7 +1194,7 @@ static int wpa_supplicant_ctrl_iface_wps
+ return wpa_supplicant_ap_wps_pbc(wpa_s, _bssid, _p2p_dev_addr);
+ #endif /* CONFIG_AP */
+
+- return wpas_wps_start_pbc(wpa_s, _bssid, 0);
++ return wpas_wps_start_pbc(wpa_s, _bssid, 0, multi_ap);
+ }
+
+
+--- a/wpa_supplicant/dbus/dbus_new_handlers_wps.c
++++ b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
+@@ -289,7 +289,7 @@ DBusMessage * wpas_dbus_handler_wps_star
+ if (ret > 0)
+ os_snprintf(npin, sizeof(npin), "%08d", ret);
+ } else {
+- ret = wpas_wps_start_pbc(wpa_s, params.bssid, 0);
++ ret = wpas_wps_start_pbc(wpa_s, params.bssid, 0, 0);
+ }
+
+ if (ret < 0) {
+--- a/wpa_supplicant/dbus/dbus_old_handlers_wps.c
++++ b/wpa_supplicant/dbus/dbus_old_handlers_wps.c
+@@ -37,9 +37,9 @@ DBusMessage * wpas_dbus_iface_wps_pbc(DB
+ return wpas_dbus_new_invalid_opts_error(message, NULL);
+
+ if (os_strcmp(arg_bssid, "any") == 0)
+- ret = wpas_wps_start_pbc(wpa_s, NULL, 0);
++ ret = wpas_wps_start_pbc(wpa_s, NULL, 0, 0);
+ else if (!hwaddr_aton(arg_bssid, bssid))
+- ret = wpas_wps_start_pbc(wpa_s, bssid, 0);
++ ret = wpas_wps_start_pbc(wpa_s, bssid, 0, 0);
+ else {
+ return wpas_dbus_new_invalid_opts_error(message,
+ "Invalid BSSID");
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -4816,7 +4816,7 @@ void supplicant_event(void *ctx, enum wp
+ break;
+ case EVENT_WPS_BUTTON_PUSHED:
+ #ifdef CONFIG_WPS
+- wpas_wps_start_pbc(wpa_s, NULL, 0);
++ wpas_wps_start_pbc(wpa_s, NULL, 0, 0);
+ #endif /* CONFIG_WPS */
+ break;
+ case EVENT_AVOID_FREQUENCIES:
+--- a/wpa_supplicant/p2p_supplicant.c
++++ b/wpa_supplicant/p2p_supplicant.c
+@@ -1649,7 +1649,7 @@ static void wpas_start_wps_enrollee(stru
+ wpa_supplicant_ap_deinit(wpa_s);
+ wpas_copy_go_neg_results(wpa_s, res);
+ if (res->wps_method == WPS_PBC) {
+- wpas_wps_start_pbc(wpa_s, res->peer_interface_addr, 1);
++ wpas_wps_start_pbc(wpa_s, res->peer_interface_addr, 1, 0);
+ #ifdef CONFIG_WPS_NFC
+ } else if (res->wps_method == WPS_NFC) {
+ wpas_wps_start_nfc(wpa_s, res->peer_device_addr,
+--- a/wpa_supplicant/wps_supplicant.c
++++ b/wpa_supplicant/wps_supplicant.c
+@@ -1137,9 +1137,10 @@ static void wpas_wps_reassoc(struct wpa_
+
+
+ int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
+- int p2p_group)
++ int p2p_group, int multi_ap_backhaul_sta)
+ {
+ struct wpa_ssid *ssid;
++ char phase1[32];
+
+ #ifdef CONFIG_AP
+ if (wpa_s->ap_iface) {
+@@ -1177,10 +1178,14 @@ int wpas_wps_start_pbc(struct wpa_suppli
+ }
+ }
+ #endif /* CONFIG_P2P */
+- if (wpa_config_set(ssid, "phase1", "\"pbc=1\"", 0) < 0)
++ if (os_snprintf(phase1, sizeof(phase1), "pbc=1%s",
++ multi_ap_backhaul_sta ? " multi_ap=1" : "") ||
++ wpa_config_set_quoted(ssid, "phase1", phase1) < 0)
+ return -1;
+ if (wpa_s->wps_fragment_size)
+ ssid->eap.fragment_size = wpa_s->wps_fragment_size;
++ if (multi_ap_backhaul_sta)
++ ssid->multi_ap_backhaul_sta = 1;
+ wpa_supplicant_wps_event(wpa_s, WPS_EV_PBC_ACTIVE, NULL);
+ eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
+ wpa_s, NULL);
+--- a/wpa_supplicant/wps_supplicant.h
++++ b/wpa_supplicant/wps_supplicant.h
+@@ -30,7 +30,7 @@ void wpas_wps_deinit(struct wpa_supplica
+ int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s);
+ enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid);
+ int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
+- int p2p_group);
++ int p2p_group, int multi_ap_backhaul_sta);
+ int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
+ const char *pin, int p2p_group, u16 dev_pw_id);
+ void wpas_wps_pbc_overlap(struct wpa_supplicant *wpa_s);
diff --git a/package/network/services/hostapd/patches/557-hostapd-support-Multi-AP-backhaul-STA-onboarding.patch b/package/network/services/hostapd/patches/557-hostapd-support-Multi-AP-backhaul-STA-onboarding.patch
new file mode 100644
index 0000000000..c5785e50c3
--- /dev/null
+++ b/package/network/services/hostapd/patches/557-hostapd-support-Multi-AP-backhaul-STA-onboarding.patch
@@ -0,0 +1,339 @@
+From 8b04a4cddbd6dbadb24279713af7ac677e80d342 Mon Sep 17 00:00:00 2001
+From: Davina Lu <ylu@quantenna.com>
+Date: Tue, 2 Oct 2018 18:34:14 -0700
+Subject: [PATCH] hostapd: support Multi-AP backhaul STA onboarding
+
+The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
+backhaul STA through WPS. To enable this, the WPS registrar offers a
+different set of credentials (backhaul credentials instead of fronthaul
+credentials) when the Multi-AP subelement is present in the WFA vendor
+extension element of the WSC M1 message.
+
+Add 3 new configuration options to specify the backhaul credentials for
+the hostapd internal registrar: multi_ap_backhaul_ssid,
+multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are
+only relevant for a fronthaul SSID, i.e. where multi_ap is set to 2 or
+3. When these options are set, pass the backhaul credentials instead of
+the normal credentials when the Multi-AP subelement is present.
+
+Ignore the Multi-AP subelement if the backhaul config options are not
+set. Note that for an SSID which is fronthaul and backhaul at the same
+time (i.e., multi_ap == 3), this results in the correct credentials
+being sent anyway.
+
+The security to be used for the backaul BSS is fixed to WPA2PSK. The
+Multi-AP Specification only allows Open and WPA2PSK networks to be
+configured. Although not stated explicitly, the backhaul link is
+intended to be always encrypted, hence WPA2PSK.
+
+To build the credentials, the credential-building code is essentially
+copied and simplified. Indeed, the backhaul credentials are always
+WPA2PSK and never use per-device PSK. All the options set for the
+fronthaul BSS WPS are simply ignored.
+
+Signed-off-by: Davina Lu <ylu@quantenna.com>
+Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+v4: no change
+---
+ hostapd/config_file.c | 47 ++++++++++++++++++++++++++++++++++++++++
+ hostapd/hostapd.conf | 9 ++++++++
+ src/ap/ap_config.c | 2 ++
+ src/ap/ap_config.h | 1 +
+ src/ap/wps_hostapd.c | 26 ++++++++++++++++++++++
+ src/wps/wps.h | 32 +++++++++++++++++++++++++++
+ src/wps/wps_attr_parse.c | 11 ++++++++++
+ src/wps/wps_attr_parse.h | 1 +
+ src/wps/wps_dev_attr.c | 5 +++++
+ src/wps/wps_dev_attr.h | 1 +
+ src/wps/wps_registrar.c | 25 ++++++++++++++++++++-
+ 11 files changed, 159 insertions(+), 1 deletion(-)
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -3479,6 +3479,53 @@ static int hostapd_config_fill(struct ho
+ line, pos);
+ return 1;
+ }
++ } else if (os_strcmp(buf, "multi_ap_backhaul_ssid") == 0) {
++ size_t slen;
++ char *str = wpa_config_parse_string(pos, &slen);
++
++ if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
++ wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
++ line, pos);
++ os_free(str);
++ return 1;
++ }
++ os_memcpy(bss->multi_ap_backhaul_ssid.ssid, str, slen);
++ bss->multi_ap_backhaul_ssid.ssid_len = slen;
++ bss->multi_ap_backhaul_ssid.ssid_set = 1;
++ os_free(str);
++ } else if (os_strcmp(buf, "multi_ap_backhaul_wpa_passphrase") == 0) {
++ int len = os_strlen(pos);
++
++ if (len < 8 || len > 63) {
++ wpa_printf(MSG_ERROR,
++ "Line %d: invalid WPA passphrase length %d (expected 8..63)",
++ line, len);
++ return 1;
++ }
++ os_free(bss->multi_ap_backhaul_ssid.wpa_passphrase);
++ bss->multi_ap_backhaul_ssid.wpa_passphrase = os_strdup(pos);
++ if (bss->multi_ap_backhaul_ssid.wpa_passphrase) {
++ hostapd_config_clear_wpa_psk(&bss->multi_ap_backhaul_ssid.wpa_psk);
++ bss->multi_ap_backhaul_ssid.wpa_passphrase_set = 1;
++ }
++ } else if (os_strcmp(buf, "multi_ap_backhaul_wpa_psk") == 0) {
++ hostapd_config_clear_wpa_psk(&bss->multi_ap_backhaul_ssid.wpa_psk);
++ bss->multi_ap_backhaul_ssid.wpa_psk =
++ os_zalloc(sizeof(struct hostapd_wpa_psk));
++ if (bss->multi_ap_backhaul_ssid.wpa_psk == NULL)
++ return 1;
++ if (hexstr2bin(pos, bss->multi_ap_backhaul_ssid.wpa_psk->psk,
++ PMK_LEN) ||
++ pos[PMK_LEN * 2] != '\0') {
++ wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
++ line, pos);
++ hostapd_config_clear_wpa_psk(&bss->multi_ap_backhaul_ssid.wpa_psk);
++ return 1;
++ }
++ bss->multi_ap_backhaul_ssid.wpa_psk->group = 1;
++ os_free(bss->multi_ap_backhaul_ssid.wpa_passphrase);
++ bss->multi_ap_backhaul_ssid.wpa_passphrase = NULL;
++ bss->multi_ap_backhaul_ssid.wpa_psk_set = 1;
+ } else if (os_strcmp(buf, "upnp_iface") == 0) {
+ os_free(bss->upnp_iface);
+ bss->upnp_iface = os_strdup(pos);
+--- a/hostapd/hostapd.conf
++++ b/hostapd/hostapd.conf
+@@ -1852,6 +1852,15 @@ own_ip_addr=127.0.0.1
+ # attribute.
+ #ap_settings=hostapd.ap_settings
+
++# Multi-AP backhaul BSS config
++# Used in WPS when multi_ap=2 or 3. Defines "backhaul BSS" credentials.
++# These are passed in WPS M8 instead of the normal (fronthaul) credentials
++# if the enrollee has the Multi-AP subelement set. Backhaul SSID is formatted
++# like ssid2. The key is set like wpa_psk or wpa_passphrase.
++#multi_ap_backhaul_ssid="backhaul"
++#multi_ap_backhaul_wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
++#multi_ap_backhaul_wpa_passphrase=secret passphrase
++
+ # WPS UPnP interface
+ # If set, support for external Registrars is enabled.
+ #upnp_iface=br0
+--- a/src/ap/ap_config.c
++++ b/src/ap/ap_config.c
+@@ -582,6 +582,8 @@ void hostapd_config_free_bss(struct host
+ os_free(conf->ap_pin);
+ os_free(conf->extra_cred);
+ os_free(conf->ap_settings);
++ hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
++ str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
+ os_free(conf->upnp_iface);
+ os_free(conf->friendly_name);
+ os_free(conf->manufacturer_url);
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -456,6 +456,7 @@ struct hostapd_bss_config {
+ int force_per_enrollee_psk;
+ u8 *ap_settings;
+ size_t ap_settings_len;
++ struct hostapd_ssid multi_ap_backhaul_ssid;
+ char *upnp_iface;
+ char *friendly_name;
+ char *manufacturer_url;
+--- a/src/ap/wps_hostapd.c
++++ b/src/ap/wps_hostapd.c
+@@ -962,6 +962,7 @@ static void hostapd_free_wps(struct wps_
+ wpabuf_free(wps->dev.vendor_ext[i]);
+ wps_device_data_free(&wps->dev);
+ os_free(wps->network_key);
++ os_free(wps->multi_ap_backhaul_network_key);
+ hostapd_wps_nfc_clear(wps);
+ wpabuf_free(wps->dh_pubkey);
+ wpabuf_free(wps->dh_privkey);
+@@ -1131,6 +1132,31 @@ int hostapd_init_wps(struct hostapd_data
+ wps->encr_types_wpa = WPS_ENCR_AES | WPS_ENCR_TKIP;
+ }
+
++ if (hapd->conf->multi_ap & FRONTHAUL_BSS &&
++ hapd->conf->multi_ap_backhaul_ssid.ssid_len) {
++ wps->multi_ap_backhaul_ssid_len =
++ hapd->conf->multi_ap_backhaul_ssid.ssid_len;
++ os_memcpy(wps->multi_ap_backhaul_ssid,
++ hapd->conf->multi_ap_backhaul_ssid.ssid,
++ wps->multi_ap_backhaul_ssid_len);
++ if (conf->multi_ap_backhaul_ssid.wpa_passphrase) {
++ wps->multi_ap_backhaul_network_key =
++ (u8 *) os_strdup(conf->multi_ap_backhaul_ssid.wpa_passphrase);
++ wps->multi_ap_backhaul_network_key_len =
++ os_strlen(conf->multi_ap_backhaul_ssid.wpa_passphrase);
++ } else if (conf->multi_ap_backhaul_ssid.wpa_psk) {
++ wps->multi_ap_backhaul_network_key =
++ os_malloc(2 * PMK_LEN + 1);
++ if (wps->multi_ap_backhaul_network_key == NULL)
++ goto fail;
++ wpa_snprintf_hex((char *) wps->multi_ap_backhaul_network_key,
++ 2 * PMK_LEN + 1,
++ conf->multi_ap_backhaul_ssid.wpa_psk->psk,
++ PMK_LEN);
++ wps->multi_ap_backhaul_network_key_len = 2 * PMK_LEN;
++ }
++ }
++
+ wps->ap_settings = conf->ap_settings;
+ wps->ap_settings_len = conf->ap_settings_len;
+
+--- a/src/wps/wps.h
++++ b/src/wps/wps.h
+@@ -100,6 +100,7 @@ struct wps_device_data {
+ struct wpabuf *vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
+
+ int p2p;
++ u8 multi_ap_ext;
+ };
+
+ /**
+@@ -730,6 +731,37 @@ struct wps_context {
+ int psk_set;
+
+ /**
++ * multi_ap_backhaul_ssid - SSID to supply to a Multi-AP backhaul
++ * enrollee
++ *
++ * This SSID is used by the Registrar to fill in information for
++ * Credentials when the enrollee advertises it is a Multi-AP backhaul
++ * STA.
++ */
++ u8 multi_ap_backhaul_ssid[SSID_MAX_LEN];
++
++ /**
++ * multi_ap_backhaul_ssid_len - Length of multi_ap_backhaul_ssid in
++ * octets
++ */
++ size_t multi_ap_backhaul_ssid_len;
++
++ /**
++ * multi_ap_backhaul_network_key - The Network Key (PSK) for the
++ * Multi-AP backhaul enrollee.
++ *
++ * This key can be either the ASCII passphrase (8..63 characters) or the
++ * 32-octet PSK (64 hex characters).
++ */
++ u8 *multi_ap_backhaul_network_key;
++
++ /**
++ * multi_ap_backhaul_network_key_len - Length of
++ * multi_ap_backhaul_network_key in octets
++ */
++ size_t multi_ap_backhaul_network_key_len;
++
++ /**
+ * ap_settings - AP Settings override for M7 (only used at AP)
+ *
+ * If %NULL, AP Settings attributes will be generated based on the
+--- a/src/wps/wps_attr_parse.c
++++ b/src/wps/wps_attr_parse.c
+@@ -67,6 +67,17 @@ static int wps_set_vendor_ext_wfa_subele
+ }
+ attr->registrar_configuration_methods = pos;
+ break;
++ case WFA_ELEM_MULTI_AP:
++ if (len != 1) {
++ wpa_printf(MSG_DEBUG,
++ "WPS: Invalid Multi-AP Extension length %u",
++ len);
++ return -1;
++ }
++ attr->multi_ap_ext = *pos;
++ wpa_printf(MSG_DEBUG, "WPS: Multi-AP Extension 0x%02x",
++ attr->multi_ap_ext);
++ break;
+ default:
+ wpa_printf(MSG_MSGDUMP, "WPS: Skipped unknown WFA Vendor "
+ "Extension subelement %u", id);
+--- a/src/wps/wps_attr_parse.h
++++ b/src/wps/wps_attr_parse.h
+@@ -97,6 +97,7 @@ struct wps_parse_attr {
+ const u8 *cred[MAX_CRED_COUNT];
+ const u8 *req_dev_type[MAX_REQ_DEV_TYPE_COUNT];
+ const u8 *vendor_ext[MAX_WPS_PARSE_VENDOR_EXT];
++ u8 multi_ap_ext;
+ };
+
+ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr);
+--- a/src/wps/wps_dev_attr.c
++++ b/src/wps/wps_dev_attr.c
+@@ -389,6 +389,11 @@ int wps_process_os_version(struct wps_de
+ return 0;
+ }
+
++void wps_process_vendor_ext_m1(struct wps_device_data *dev, const u8 ext)
++{
++ dev->multi_ap_ext = ext;
++ wpa_printf(MSG_DEBUG, "WPS: Multi-AP extension value %02x", dev->multi_ap_ext);
++}
+
+ int wps_process_rf_bands(struct wps_device_data *dev, const u8 *bands)
+ {
+--- a/src/wps/wps_dev_attr.h
++++ b/src/wps/wps_dev_attr.h
+@@ -29,6 +29,7 @@ int wps_build_dev_name(struct wps_device
+ int wps_process_device_attrs(struct wps_device_data *dev,
+ struct wps_parse_attr *attr);
+ int wps_process_os_version(struct wps_device_data *dev, const u8 *ver);
++void wps_process_vendor_ext_m1(struct wps_device_data *dev, const u8 ext);
+ int wps_process_rf_bands(struct wps_device_data *dev, const u8 *bands);
+ void wps_device_data_free(struct wps_device_data *dev);
+ int wps_build_vendor_ext(struct wps_device_data *dev, struct wpabuf *msg);
+--- a/src/wps/wps_registrar.c
++++ b/src/wps/wps_registrar.c
+@@ -1588,7 +1588,6 @@ int wps_build_credential_wrap(struct wpa
+ return 0;
+ }
+
+-
+ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
+ {
+ struct wpabuf *cred;
+@@ -1603,6 +1602,29 @@ int wps_build_cred(struct wps_data *wps,
+ }
+ os_memset(&wps->cred, 0, sizeof(wps->cred));
+
++ if (wps->peer_dev.multi_ap_ext == MULTI_AP_BACKHAUL_STA &&
++ wps->wps->multi_ap_backhaul_ssid_len) {
++ wpa_printf(MSG_DEBUG, "WPS: Use backhaul STA credentials");
++ os_memcpy(wps->cred.ssid, wps->wps->multi_ap_backhaul_ssid,
++ wps->wps->multi_ap_backhaul_ssid_len);
++ wps->cred.ssid_len = wps->wps->multi_ap_backhaul_ssid_len;
++ /* Backhaul is always WPA2PSK */
++ wps->cred.auth_type = WPS_AUTH_WPA2PSK;
++ wps->cred.encr_type = WPS_ENCR_AES;
++ /* Set MAC address in the Credential to be the Enrollee's MAC
++ * address
++ */
++ os_memcpy(wps->cred.mac_addr, wps->mac_addr_e, ETH_ALEN);
++ if (wps->wps->multi_ap_backhaul_network_key) {
++ os_memcpy(wps->cred.key,
++ wps->wps->multi_ap_backhaul_network_key,
++ wps->wps->multi_ap_backhaul_network_key_len);
++ wps->cred.key_len =
++ wps->wps->multi_ap_backhaul_network_key_len;
++ }
++ goto use_provided;
++ }
++
+ os_memcpy(wps->cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
+ wps->cred.ssid_len = wps->wps->ssid_len;
+
+@@ -2705,6 +2727,7 @@ static enum wps_process_res wps_process_
+ wps->use_psk_key = 1;
+ }
+ #endif /* WPS_WORKAROUNDS */
++ wps_process_vendor_ext_m1(&wps->peer_dev, attr->multi_ap_ext);
+
+ wps->state = SEND_M2;
+ return WPS_CONTINUE;
diff --git a/package/network/services/hostapd/patches/558-hostapd-add-README-MULTI-AP.patch b/package/network/services/hostapd/patches/558-hostapd-add-README-MULTI-AP.patch
new file mode 100644
index 0000000000..b8526b8b71
--- /dev/null
+++ b/package/network/services/hostapd/patches/558-hostapd-add-README-MULTI-AP.patch
@@ -0,0 +1,181 @@
+From bd733055a22c8ca3bcd7648bf716da2713b3d9f1 Mon Sep 17 00:00:00 2001
+From: "Arnout Vandecappelle (Essensium/Mind)" <arnout@mind.be>
+Date: Mon, 21 Jan 2019 16:44:06 +0100
+Subject: [PATCH] hostapd: add README-MULTI-AP
+
+Document what hostapd and wpa_supplicant do for Multi-AP.
+
+This is only included in hostapd, since a Multi-AP device is always an
+access point so it should have hostapd.
+
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+v4: wps_pbc has multi_ap as a parameter instead of config option.
+---
+ hostapd/README-MULTI-AP | 160 ++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 160 insertions(+)
+ create mode 100644 hostapd/README-MULTI-AP
+
+--- /dev/null
++++ b/hostapd/README-MULTI-AP
+@@ -0,0 +1,160 @@
++hostapd, wpa_supplicant and the Multi-AP Specification
++======================================================
++
++This document describes how hostapd and wpa_supplicant can be configured to
++support the Multi-AP Specification.
++
++Introduction to Multi-AP
++------------------------
++
++The Wi-Fi Alliance Multi-AP Specification is the technical specification for
++Wi-Fi CERTIFIED EasyMesh(TM) [1], the Wi-Fi AllianceĀ® certification program for
++Multi-AP. It defines control protocols between Wi-FiĀ® access points (APs) to
++join them into a network with centralized control and operation. It is targeted
++only at routers (repeaters, gateways, ...), not at clients. Clients are not
++involved at all in the protocols.
++
++Most of the Multi-AP specification falls outside of the scope of
++hostapd/wpa_supplicant. hostapd/wpa_supplicant is only involved for the items
++summarized below. The rest of the protocol must be implemented by a separate
++daemon, e.g. prplMesh [2]. That daemon also needs to communicate with hostapd,
++e.g. to get a list of associated clients, but this can be done using the normal
++hostapd interfaces.
++
++hostapd/wpa_supplicant needs to be configured specifically to support:
++- the WPS onboarding process;
++- configuring backhaul links.
++
++The text below refers to "Multi-AP Specification v1.0" [3].
++
++
++Fronthaul and backhaul links
++----------------------------
++
++In a Multi-AP network, the central controller can configure the SSIDs on the
++devices that are joined into the network. These are called fronthaul SSIDs.
++From the point of view of hostapd, there is nothing special about these
++fronthaul SSIDs.
++
++In addition to fronthaul SSIDs, the controller can also configure backhaul
++links. A backhaul link is a link between two access point devices, giving
++internet access to access point devices that don't have a wired link. The
++Multi-AP specification doesn't dictate this, but typically the backhaul link
++will be bridged into a LAN together with (one of) the fronthaul SSID(s) and the
++wired Ethernet ports.
++
++A backhaul link must be treated specially by hostapd and wpa_supplicant. One
++side of the backhaul link is configured through the Multi-AP protocol as the
++"backhaul STA", i.e. the client side of the link. A backhaul STA is like any
++station and is handled appropriately by wpa_supplicant, but two additional
++features are required. It must send an additional information element in each
++(Re-)Association Request ([3], section 5.2, paragraph 4). In addition, it must
++use 4-address mode for all frames sent over this link ([3], section 14).
++Therefore, wpa_supplicant must be configured explicitly as the backhaul STA
++role, by setting 'multi_ap_backhaul_sta=1' in the network configuration block
++or when configuring the SSID through the client socket. When
++'multi_ap_backhaul_sta=1', wpa_supplicant includes the Multi-AP IE in
++(Re-)Association Request messages and verifies that it is included in the
++(Re-)Association Response. If it is not, association fails. If it is,
++wpa_supplicant sets 4-address mode for this interface through a driver
++callback.
++
++The AP side of the backhaul link is called a "backhaul SSID". Such an SSID must
++be handled specially by hostapd, because it must add an additional information
++element in each (Re-)Association Response, but only to stations that have
++identified themselves as backhaul stations ([3], section 5.2, paragraph 5-6).
++This is important because it is possible to use the same BSS and SSID for
++fronthaul and backhaul at the same time. The additional information element must
++only be used for frames sent to a backhaul STA, not to a normal STA. Also,
++frames sent to a backhaul STA must use 4-address mode, while frames sent to a
++normal STA (fronthaul, when it's a fronthaul and backhaul SSID) must use
++3-address mode.
++
++An SSID is configured in Multi-AP mode in hostapd by setting the 'multi_ap'
++configuration option to 1 (backhaul SSID), 2 (fronthaul SSID) or 3
++(simultaneous backhaul and fronthaul SSID). If this option is set, hostapd
++parses the Multi-AP information element in the Association Request. If the
++station is a backhaul STA and the SSID is configured as a backhaul SSID,
++hostapd sets up 4-address mode. Since there may be multiple stations connected
++simultaneously, and each of them has a different RA (receiver address), a VLAN
++is created for each backhaul STA and it is automatically added to a bridge.
++This is the same behavior as for WDS, and the relevant option ('bridge' or
++'wds_bridge') applies here as well.
++
++If 'multi_ap' is 1 (backhaul SSID only), any station that tries to associate
++without the Multi-AP information element will be denied.
++
++If 'multi_ap' is 2 (fronthaul SSID only), any station that tries to associate
++with the Multi-AP information element will be denied. That is also the only
++difference with 'multi_ap' set to 0: in the latter case, the Multi-AP
++information element is simply ignored.
++
++In summary, this is the end-to-end behaviour for a backhaul BSS (i.e.,
++multi_ap_backhaul_sta=1 in wpa_supplicant on STA, and multi_ap=1 or 3 in
++hostapd on AP). Note that point 1 means that hostapd must not be configured
++with WPS support on the backhaul BSS (multi_ap=1). hostapd does not check for
++that.
++
++1. Backhaul BSS beacons do not advertise WPS support (other than that, nothing
++ multi-ap specific).
++2. STA sends authentication req (nothing multi-ap specific).
++3. AP sends authentication resp (nothing multi-ap specific).
++4. STA sends association req with Multi-AP IE.
++5. AP send association resp with Multi-AP IE.
++6. STA and AP both use 4-address mode for data.
++
++
++WPS support
++-----------
++
++WPS requires more special handling. WPS must only be advertised on fronthaul
++SSIDs, not on backhaul SSIDs, so WPS should not be enabled on a backhaul-only
++SSID in hostapd.conf. The WPS configuration purely works on the fronthaul SSID.
++When a WPS M1 message has an additional subelement that indicates a request for
++a multi-AP backhaul link, hostapd must not respond with the normal fronthaul
++SSID credentials; instead, it should respond with the (potentially different)
++backhaul SSID credentials.
++
++To support this, hostapd has the 'multi_ap_backhaul_ssid',
++'multi_ap_backhaul_wpa_psk' and 'multi_ap_backhaul_wpa_passphrase' options.
++When these are set on an SSID with WPS, they are used instead of the normal
++credentials when hostapd receives a WPS M1 message with the Multi-AP IE. Only
++WPA2 Personal is supported in the Multi-AP specification, so there is no need
++to specify authentication or encryption options. For the backhaul credentials,
++per-device PSK is not supported.
++
++If the SSID is a simultaneous backhaul and fronthaul SSID, there is no need to
++specify the backhaul credentials, since the backhaul and fronthaul credentials
++are identical.
++
++To enable the Multi-AP backhaul STA feature when it performs WPS, a new
++parameter has been introduced to the WPS_PBC control interface call.
++When this option is set, it adds the multi-AP backhaul subelement to
++the association and M1 messages. It then configures the new SSID with
++'multi_ap_backhaul_sta=1'. Note that this means that if the AP does not
++follow the Multi-AP specification, wpa_supplicant will fail to
++associate.
++
++In summary, this is the end-to-end behaviour for WPS of a backhaul link (i.e.,
++multi_ap=1 option is given in the wps_pbc call on the STA side, and multi_ap=2
++and multi_ap_backhaul_ssid and either multi_ap_backhaul_wpa_psk or
++multi_ap_backhaul_wpa_passphrase are set to the credentials of a backhaul SSID
++in hostapd on registrar AP).
++
++1. Fronthaul BSS beacons advertise WPS support (nothing multi-ap specific).
++2. Enrollee sends authentication req (nothing multi-ap specific).
++3. AP sends authentication resp (nothing multi-ap specific).
++4. Enrollee sends association req with Multi-AP IE.
++5. AP send association resp with Multi-AP IE.
++6. Enrollee sends M1 with additional Multi-AP subelement
++7. AP sends M8 with backhaul instead of fronthaul credentials.
++8. Enrollee sends Deauth.
++
++
++References
++----------
++
++[1] https://www.wi-fi.org/discover-wi-fi/wi-fi-easymesh
++[2] https://github.com/prplfoundation/prplMesh
++[3] https://www.wi-fi.org/file/multi-ap-specification-v10
++ (requires registration)
diff --git a/package/network/services/hostapd/patches/559-tests-add-WPS-tests-to-multi_ap-hwsim-tests.patch b/package/network/services/hostapd/patches/559-tests-add-WPS-tests-to-multi_ap-hwsim-tests.patch
new file mode 100644
index 0000000000..3a121ba911
--- /dev/null
+++ b/package/network/services/hostapd/patches/559-tests-add-WPS-tests-to-multi_ap-hwsim-tests.patch
@@ -0,0 +1,182 @@
+From 0729e01f5830ebf4701f0b1b7ff1bd2a2eedae40 Mon Sep 17 00:00:00 2001
+From: "Arnout Vandecappelle (Essensium/Mind)" <arnout@mind.be>
+Date: Tue, 12 Feb 2019 11:02:42 +0100
+Subject: [PATCH] tests: add WPS tests to multi_ap hwsim tests
+
+Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
+---
+v4: new patch
+---
+ tests/hwsim/test_multi_ap.py | 164 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 164 insertions(+)
+
+--- a/tests/hwsim/test_multi_ap.py
++++ b/tests/hwsim/test_multi_ap.py
+@@ -61,3 +61,167 @@ def test_multi_ap_fronthaul_on_ap(dev, a
+ raise Exception("Connection result not reported")
+ if "CTRL-EVENT-DISCONNECTED" not in ev:
+ raise Exception("Unexpected connection result")
++
++def run_multi_ap_wps(dev, apdev, params, multi_ap_bssid = None):
++ """Helper for running Multi-AP WPS tests
++
++ dev[0] does multi_ap WPS, dev[1] does normal WPS. apdev[0] is the fronthaul
++ BSS. If there is a separate backhaul BSS, it must have been set up by the
++ caller. params are the normal SSID parameters, they will be extended with
++ the WPS parameters. multi_ap_bssid must be given if it is not equal to the
++ fronthaul BSSID."""
++
++ if multi_ap_bssid is None:
++ multi_ap_bssid = apdev[0]['bssid']
++ params.update({"wps_state": "2", "eap_server": "1"})
++
++ # WPS with multi-ap station dev[0]
++ hapd = hostapd.add_ap(apdev[0], params)
++ hapd.request("WPS_PBC")
++ if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
++ raise Exception("PBC status not shown correctly")
++
++ dev[0].request("WPS_PBC multi_ap=1")
++ dev[0].wait_connected(timeout=20)
++ status = dev[0].get_status()
++ if status['wpa_state'] != 'COMPLETED' or status['bssid'] != multi_ap_bssid:
++ raise Exception("Not fully connected")
++ if status['ssid'] != params['multi_ap_backhaul_ssid'].strip('"'):
++ raise Exception("Unexpected SSID %s != %s" % (status['ssid'], params["multi_ap_backhaul_ssid"]))
++ if status['pairwise_cipher'] != 'CCMP':
++ raise Exception("Unexpected encryption configuration %s" % status['pairwise_cipher'])
++ if status['key_mgmt'] != 'WPA2-PSK':
++ raise Exception("Unexpected key_mgmt")
++
++ status = hapd.request("WPS_GET_STATUS")
++ if "PBC Status: Disabled" not in status:
++ raise Exception("PBC status not shown correctly")
++ if "Last WPS result: Success" not in status:
++ raise Exception("Last WPS result not shown correctly")
++ if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
++ raise Exception("Peer address not shown correctly")
++
++ if len(dev[0].list_networks()) != 1:
++ raise Exception("Unexpected number of network blocks")
++
++ # WPS with non-multi-ap station dev[1]
++ hapd.request("WPS_PBC")
++ if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
++ raise Exception("PBC status not shown correctly")
++
++ dev[1].request("WPS_PBC")
++ dev[1].wait_connected(timeout=20)
++ status = dev[1].get_status()
++ if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
++ raise Exception("Not fully connected")
++ if status['ssid'] != params["ssid"]:
++ raise Exception("Unexpected SSID")
++ # Fronthaul may be something else than WPA2-PSK so don't test it.
++
++ status = hapd.request("WPS_GET_STATUS")
++ if "PBC Status: Disabled" not in status:
++ raise Exception("PBC status not shown correctly")
++ if "Last WPS result: Success" not in status:
++ raise Exception("Last WPS result not shown correctly")
++ if "Peer Address: " + dev[1].p2p_interface_addr() not in status:
++ raise Exception("Peer address not shown correctly")
++
++ if len(dev[1].list_networks()) != 1:
++ raise Exception("Unexpected number of network blocks")
++
++
++def test_multi_ap_wps_shared(dev, apdev):
++ """WPS on shared fronthaul/backhaul AP"""
++ ssid = "multi-ap-wps"
++ passphrase = "12345678"
++ params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
++ params.update({"multi_ap": "3",
++ "multi_ap_backhaul_ssid": '"%s"' % ssid,
++ "multi_ap_backhaul_wpa_passphrase": passphrase})
++ run_multi_ap_wps(dev, apdev, params)
++
++def test_multi_ap_wps_shared_psk(dev, apdev):
++ """WPS on shared fronthaul/backhaul AP using PSK"""
++ ssid = "multi-ap-wps"
++ psk = "1234567890abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
++ params = hostapd.wpa2_params(ssid=ssid)
++ params.update({"wpa_psk": psk, "multi_ap": "3",
++ "multi_ap_backhaul_ssid": '"%s"' % ssid,
++ "multi_ap_backhaul_wpa_psk": psk})
++ run_multi_ap_wps(dev, apdev, params)
++
++def test_multi_ap_wps_split(dev, apdev):
++ """WPS on split fronthaul and backhaul AP"""
++ backhaul_ssid = "multi-ap-backhaul-wps"
++ backhaul_passphrase = "87654321"
++ params = hostapd.wpa2_params(ssid="multi-ap-fronthaul-wps", passphrase="12345678")
++ params.update({"multi_ap": "2",
++ "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
++ "multi_ap_backhaul_wpa_passphrase": backhaul_passphrase})
++ params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid, passphrase=backhaul_passphrase)
++ params_backhaul.update({"multi_ap": "1"})
++ hapd_backhaul = hostapd.add_ap(apdev[1], params_backhaul)
++
++ run_multi_ap_wps(dev, apdev, params, hapd_backhaul.own_addr())
++
++def test_multi_ap_wps_split_psk(dev, apdev):
++ """WPS on split fronthaul and backhaul AP"""
++ backhaul_ssid = "multi-ap-backhaul-wps"
++ backhaul_psk = "1234567890abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
++ params = hostapd.wpa2_params(ssid="multi-ap-fronthaul-wps", passphrase="12345678")
++ params.update({"multi_ap": "2",
++ "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
++ "multi_ap_backhaul_wpa_psk": backhaul_psk})
++ params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid)
++ params_backhaul.update({"multi_ap": "1", "wpa_psk": backhaul_psk})
++ hapd_backhaul = hostapd.add_ap(apdev[1], params_backhaul)
++
++ run_multi_ap_wps(dev, apdev, params, hapd_backhaul.own_addr())
++
++def test_multi_ap_wps_split_mixed(dev, apdev):
++ """WPS on split fronthaul and backhaul AP with mixed-mode fronthaul"""
++ backhaul_ssid = "multi-ap-backhaul-wps"
++ backhaul_passphrase = "87654321"
++ params = hostapd.wpa_mixed_params(ssid="multi-ap-fronthaul-wps", passphrase="12345678")
++ params.update({"multi_ap": "2",
++ "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
++ "multi_ap_backhaul_wpa_passphrase": backhaul_passphrase})
++ params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid, passphrase=backhaul_passphrase)
++ params_backhaul.update({"multi_ap": "1"})
++ hapd_backhaul = hostapd.add_ap(apdev[1], params_backhaul)
++
++ run_multi_ap_wps(dev, apdev, params, hapd_backhaul.own_addr())
++
++def test_multi_ap_wps_split_open(dev, apdev):
++ """WPS on split fronthaul and backhaul AP with open fronthaul"""
++ backhaul_ssid = "multi-ap-backhaul-wps"
++ backhaul_passphrase = "87654321"
++ params = {"ssid": "multi-ap-wps-fronthaul", "multi_ap": "2",
++ "multi_ap_backhaul_ssid": '"%s"' % backhaul_ssid,
++ "multi_ap_backhaul_wpa_passphrase": backhaul_passphrase}
++ params_backhaul = hostapd.wpa2_params(ssid=backhaul_ssid, passphrase=backhaul_passphrase)
++ params_backhaul.update({"multi_ap": "1"})
++ hapd_backhaul = hostapd.add_ap(apdev[1], params_backhaul)
++
++ run_multi_ap_wps(dev, apdev, params, hapd_backhaul.own_addr())
++
++def test_multi_ap_wps_fail_non_multi_ap(dev, apdev):
++ """Multi-AP WPS on non-WPS AP fails"""
++
++ params = hostapd.wpa2_params(ssid="non-multi-ap-wps", passphrase="12345678")
++ params.update({"wps_state": "2", "eap_server": "1"})
++
++ hapd = hostapd.add_ap(apdev[0], params)
++ hapd.request("WPS_PBC")
++ if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
++ raise Exception("PBC status not shown correctly")
++
++ dev[0].request("WPS_PBC multi_ap=1")
++ # Since we will fail to associate and WPS doesn't even get started, there
++ # isn't much we can do except wait for timeout. For PBC, it is not possible
++ # to change the timeout from 2 minutes. Instead of waiting for the timeout,
++ # just check that WPS doesn't finish within reasonable time.
++ ev = dev[0].wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=20)
++ if ev:
++ raise Exception("WPS operation completed: " + ev)
++ dev[0].request("WPS_CANCEL")
diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index a70f8861ac..db037c6491 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -92,7 +92,7 @@
__func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -1743,12 +1743,13 @@ ieee802_11_set_radius_info(struct hostap
+@@ -1759,12 +1759,13 @@ ieee802_11_set_radius_info(struct hostap
static void handle_auth(struct hostapd_data *hapd,
@@ -108,7 +108,7 @@
u16 fc;
const u8 *challenge = NULL;
u32 session_timeout, acct_interim_interval;
-@@ -1759,6 +1760,11 @@ static void handle_auth(struct hostapd_d
+@@ -1775,6 +1776,11 @@ static void handle_auth(struct hostapd_d
char *identity = NULL;
char *radius_cui = NULL;
u16 seq_ctrl;
@@ -120,7 +120,7 @@
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -1919,6 +1925,13 @@ static void handle_auth(struct hostapd_d
+@@ -1935,6 +1941,13 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
@@ -134,7 +134,7 @@
if (res == HOSTAPD_ACL_PENDING)
return;
-@@ -3210,12 +3223,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
+@@ -3287,12 +3300,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
static void handle_assoc(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
@@ -149,7 +149,7 @@
struct sta_info *sta;
u8 *tmp = NULL;
struct hostapd_sta_wpa_psk_short *psk = NULL;
-@@ -3224,6 +3237,11 @@ static void handle_assoc(struct hostapd_
+@@ -3301,6 +3314,11 @@ static void handle_assoc(struct hostapd_
#ifdef CONFIG_FILS
int delay_assoc = 0;
#endif /* CONFIG_FILS */
@@ -161,7 +161,7 @@
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
sizeof(mgmt->u.assoc_req))) {
-@@ -3395,6 +3413,14 @@ static void handle_assoc(struct hostapd_
+@@ -3472,6 +3490,14 @@ static void handle_assoc(struct hostapd_
}
#endif /* CONFIG_MBO */
@@ -176,7 +176,7 @@
/*
* sta->capability is used in check_assoc_ies() for RRM enabled
* capability element.
-@@ -3608,6 +3634,7 @@ static void handle_disassoc(struct hosta
+@@ -3685,6 +3711,7 @@ static void handle_disassoc(struct hosta
wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
MAC2STR(mgmt->sa),
le_to_host16(mgmt->u.disassoc.reason_code));
@@ -184,7 +184,7 @@
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
-@@ -3673,6 +3700,8 @@ static void handle_deauth(struct hostapd
+@@ -3750,6 +3777,8 @@ static void handle_deauth(struct hostapd
" reason_code=%d",
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
@@ -193,7 +193,7 @@
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
-@@ -4000,7 +4029,7 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -4077,7 +4106,7 @@ int ieee802_11_mgmt(struct hostapd_data
if (stype == WLAN_FC_STYPE_PROBE_REQ) {
@@ -202,7 +202,7 @@
return 1;
}
-@@ -4020,17 +4049,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -4097,17 +4126,17 @@ int ieee802_11_mgmt(struct hostapd_data
switch (stype) {
case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth");
@@ -368,7 +368,7 @@
CFLAGS += -DCONFIG_WNM_AP
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -6062,6 +6062,8 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -6080,6 +6080,8 @@ struct wpa_supplicant * wpa_supplicant_a
}
#endif /* CONFIG_P2P */
@@ -377,7 +377,7 @@
return wpa_s;
}
-@@ -6088,6 +6090,8 @@ int wpa_supplicant_remove_iface(struct w
+@@ -6106,6 +6108,8 @@ int wpa_supplicant_remove_iface(struct w
struct wpa_supplicant *parent = wpa_s->parent;
#endif /* CONFIG_MESH */
diff --git a/package/network/services/hostapd/src/wpa_supplicant/ubus.c b/package/network/services/hostapd/src/wpa_supplicant/ubus.c
index d4ed8e222a..5fdb57be7a 100644
--- a/package/network/services/hostapd/src/wpa_supplicant/ubus.c
+++ b/package/network/services/hostapd/src/wpa_supplicant/ubus.c
@@ -96,6 +96,15 @@ wpas_bss_get_features(struct ubus_context *ctx, struct ubus_object *obj,
}
#ifdef CONFIG_WPS
+enum {
+ WPS_START_MULTI_AP,
+ __WPS_START_MAX
+};
+
+static const struct blobmsg_policy wps_start_policy[] = {
+ [WPS_START_MULTI_AP] = { "multi_ap", BLOBMSG_TYPE_BOOL },
+};
+
static int
wpas_bss_wps_start(struct ubus_context *ctx, struct ubus_object *obj,
struct ubus_request_data *req, const char *method,
@@ -103,8 +112,15 @@ wpas_bss_wps_start(struct ubus_context *ctx, struct ubus_object *obj,
{
int rc;
struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
+ struct blob_attr *tb[__WPS_START_MAX], *cur;
+ int multi_ap = 0;
+
+ blobmsg_parse(wps_start_policy, __WPS_START_MAX, tb, blobmsg_data(msg), blobmsg_data_len(msg));
+
+ if (tb[WPS_START_MULTI_AP])
+ multi_ap = blobmsg_get_bool(tb[WPS_START_MULTI_AP]);
- rc = wpas_wps_start_pbc(wpa_s, NULL, 0);
+ rc = wpas_wps_start_pbc(wpa_s, NULL, 0, multi_ap);
if (rc != 0)
return UBUS_STATUS_NOT_SUPPORTED;