aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStijn Tintel <stijn@linux-ipv6.be>2023-08-04 10:03:10 +0300
committerHauke Mehrtens <hauke@hauke-m.de>2023-08-19 16:01:06 +0200
commit5deed175a5a3fb7a550eae60f5bfdc15180def6c (patch)
tree1f85aae9879684bf1763c5d1e0476cf439ec8ed9
parenta506859f60d2a7d5756987602a550d920f17da4d (diff)
downloadupstream-5deed175a5a3fb7a550eae60f5bfdc15180def6c.tar.gz
upstream-5deed175a5a3fb7a550eae60f5bfdc15180def6c.tar.bz2
upstream-5deed175a5a3fb7a550eae60f5bfdc15180def6c.zip
hostapd: revert upstream commit to fix #13156
Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 324673914d42f5fb9b70cc73e955117828b99f3b)
-rw-r--r--package/network/services/hostapd/patches/991-Fix-OpenWrt-13156.patch63
1 files changed, 63 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/991-Fix-OpenWrt-13156.patch b/package/network/services/hostapd/patches/991-Fix-OpenWrt-13156.patch
new file mode 100644
index 0000000000..99d800858f
--- /dev/null
+++ b/package/network/services/hostapd/patches/991-Fix-OpenWrt-13156.patch
@@ -0,0 +1,63 @@
+From 26cd9bafc1d25e602952ee86cd2a5b8c3a995490 Mon Sep 17 00:00:00 2001
+From: Stijn Tintel <stijn@linux-ipv6.be>
+Date: Fri, 28 Jul 2023 16:27:47 +0300
+Subject: [PATCH] Revert "Do prune_association only after the STA is
+ authorized"
+
+Commit e978072baaca ("Do prune_association only after the STA is
+authorized") causes issues when an STA roams from one interface to
+another interface on the same PHY. The mt7915 driver is not able to
+handle this properly. While the commits fixes a DoS, there are other
+devices and drivers with the same limitation, so revert to the orginal
+behavior for now, until we have a better solution in place.
+
+Ref: https://github.com/openwrt/openwrt/issues/13156
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ src/ap/hostapd.c | 14 +++++++++++---
+ src/ap/sta_info.c | 3 ---
+ 2 files changed, 11 insertions(+), 6 deletions(-)
+
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -3615,6 +3615,8 @@ int hostapd_remove_iface(struct hapd_int
+ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
+ int reassoc)
+ {
++ int mld_assoc_link_id = -1;
++
+ if (hapd->tkip_countermeasures) {
+ hostapd_drv_sta_deauth(hapd, sta->addr,
+ WLAN_REASON_MICHAEL_MIC_FAILURE);
+@@ -3622,10 +3624,16 @@ void hostapd_new_assoc_sta(struct hostap
+ }
+
+ #ifdef CONFIG_IEEE80211BE
+- if (hapd->conf->mld_ap && sta->mld_info.mld_sta &&
+- sta->mld_assoc_link_id != hapd->mld_link_id)
+- return;
++ if (hapd->conf->mld_ap && sta->mld_info.mld_sta) {
++ if (sta->mld_assoc_link_id == hapd->mld_link_id) {
++ mld_assoc_link_id = sta->mld_assoc_link_id;
++ } else {
++ return;
++ }
++ }
+ #endif /* CONFIG_IEEE80211BE */
++ if (mld_assoc_link_id != -2)
++ hostapd_prune_associations(hapd, sta->addr, mld_assoc_link_id);
+
+ ap_sta_clear_disconnect_timeouts(hapd, sta);
+ sta->post_csa_sa_query = 0;
+--- a/src/ap/sta_info.c
++++ b/src/ap/sta_info.c
+@@ -1318,9 +1318,6 @@ void ap_sta_set_authorized(struct hostap
+ mld_assoc_link_id = -2;
+ }
+ #endif /* CONFIG_IEEE80211BE */
+- if (mld_assoc_link_id != -2)
+- hostapd_prune_associations(hapd, sta->addr,
+- mld_assoc_link_id);
+ sta->flags |= WLAN_STA_AUTHORIZED;
+ } else {
+ sta->flags &= ~WLAN_STA_AUTHORIZED;