From patchwork Thu Jan 26 10:04:23 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?b?UmFwaGHDq2wgTcOpbG90dGU=?=
 <raphael.melotte@mind.be>
X-Patchwork-Id: 1732087
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=X25dk4VC;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=mind.be header.i=@mind.be header.a=rsa-sha256
 header.s=google header.b=cS49T1bR;
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4P2bxv04pbz23h7
	for <incoming@patchwork.ozlabs.org>; Thu, 26 Jan 2023 21:08:18 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=CRTs2/AyjtXc+nXEsaZDL5BKC44sfPtmEfS9Xw2kuxE=; b=X25dk4VC3gJjfG
	5siyA6uBz1TcTTeVDOW3/t1hPIzQnwuf48Jbb3vqSTdYOKWJybbEY9iGgm375Hy3Ave+yTUzpcosE
	Z74X+4dQm9ywcZ3G3pqjKomzml2fJWGcyOwaL0UmPhD9XGUARZGFk8yqo/HtO1NzRUWczyM42kPui
	1Pi7hAv7Ln/v8I2Yyh5OH5I9f3NFm+CtXrt0tarTG0YkasGsnL5KSSVu4PIerPT4OVja/mqTfQyf6
	r/s5z1Boo0nk9Bh0bmESI9OGF76ikxrkvplTBWRuW4hqFpjmbsTQXLdlDWAzmcOgZ5C3K5Bn+2+3Y
	dkSoNYlHr+f2usCvzKwg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1pKz7b-00AMwz-Sg; Thu, 26 Jan 2023 10:04:44 +0000
Received: from mail-ej1-x633.google.com ([2a00:1450:4864:20::633])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1pKz7X-00AMw8-KP
	for openwrt-devel@lists.openwrt.org; Thu, 26 Jan 2023 10:04:41 +0000
Received: by mail-ej1-x633.google.com with SMTP id hw16so3618378ejc.10
        for <openwrt-devel@lists.openwrt.org>;
 Thu, 26 Jan 2023 02:04:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=mind.be; s=google;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=weZIBNibIJqr6dwROuiL4zrY2WlDxqDhsdOyFcM9iLY=;
        b=cS49T1bRt7nYVBcr84lIsj0jkY6I4pNffKBa5RbFAV7ZQhh5ppkippbPAgx+Nu6xFg
         yvmiytAdLtnTg4zM2S4rae9FDSy/s4l9zjj2u3Nu38AaaPlEPVheXcD3eTjxri9S2Asc
         E54rsACVeIQ5INBva3rI+/KleYSpZFl5GkeS0VqoTK6bsFLvL/gWa5B1gp4QQbTwu5Pf
         UBUxXtZAzCwwESeQ9yaIFAmWHUGxePGxNAoIk4R9dTritV6u46KBSrSMfaymvG/t9THw
         urFHQCqGlght59AG6qEAfSmh/47npN5TsYJle1hEKENpacZBDlYmbeUdsTUutzdKkfqg
         1zCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=weZIBNibIJqr6dwROuiL4zrY2WlDxqDhsdOyFcM9iLY=;
        b=mc+9c+CNlI8Y5sIgeO1VyMJSO6/EnRbS/eti4fJIx/thATKBxgWApkAw0w71+Scy2k
         OWnpwPheeZW2QyXoamAhln4eVVwsEC8ZFgAERrneSqKi4+gJZhrHfzIbGn5zLI/Ouu5V
         HnSVgDkrItOzVOGtyOWilo4eV/4pL+++n0ezlUgB0AzsnLHcvsU4z9kRRjwYRidl194w
         tPt1UVrkyVsDlcp8SQLDMgOZKPElT99VnvrPAy3hgK7awVw6lmnFnO6qEOgBld6jIJn9
         Yzh+8Ts9PiICoEyXOz8stLlZ1VZ5me3mzEGUFukeucbds1MkbC2A6T4/s/U5cfvcpnTi
         jsJw==
X-Gm-Message-State: AFqh2kr2rbKm2Fd26B+c0wUlJWl9N+fmT+KiPYGk1YfFDEudxIbah+6G
	XwqxTuEXUN3DE86rWBC7RjH8ZDFgdCusYPW5
X-Google-Smtp-Source: 
 AMrXdXtlMZLmCHrKfBI/Xl2MVW5B94YkEGSZaoZND9q4OXBhpZ68lY51poQ8dbB4ULtH1TppbRVJtA==
X-Received: by 2002:a17:906:3795:b0:84d:1366:c74d with SMTP id
 n21-20020a170906379500b0084d1366c74dmr31630637ejc.63.1674727477917;
        Thu, 26 Jan 2023 02:04:37 -0800 (PST)
Received: from localhost.localdomain (ip-188-118-3-185.reverse.destiny.be.
 [188.118.3.185])
        by smtp.gmail.com with ESMTPSA id
 ch28-20020a0564021bdc00b0049e1f167956sm516190edb.9.2023.01.26.02.04.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 26 Jan 2023 02:04:37 -0800 (PST)
From: =?utf-8?b?UmFwaGHDq2wgTcOpbG90dGU=?= <raphael.melotte@mind.be>
To: openwrt-devel@lists.openwrt.org
Cc: =?utf-8?b?UmFwaGHDq2wgTcOpbG90dGU=?= <raphael.melotte@mind.be>
Subject: [PATCH] hostapd: add option to ignore data frames from unknown
 stations
Date: Thu, 26 Jan 2023 11:04:23 +0100
Message-Id: <20230126100423.2382237-1-raphael.melotte@mind.be>
X-Mailer: git-send-email 2.38.1
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230126_020439_694220_214871B6 
X-CRM114-Status: GOOD (  19.95  )
X-Spam-Score: 0.1 (/)
X-Spam-Report: =?unknown-8bit?q?Spam_detection_software=2C_running_on_the_sy?=
	=?unknown-8bit?q?stem_=22bombadil=2Einfradead=2Eorg=22=2C?=
	=?unknown-8bit?q?_has_NOT_identified_this_incoming_email_as_spam=2E__The_ori?=
	=?unknown-8bit?q?ginal?=
	=?unknown-8bit?q?_message_has_been_attached_to_this_so_you_can_view_it_or_la?=
	=?unknown-8bit?q?bel?=
	=?unknown-8bit?q?_similar_future_email=2E__If_you_have_any_questions=2C_see?=
	=?unknown-8bit?q?_the_administrator_of_that_system_for_details=2E?=
	=?unknown-8bit?q?_?=
	=?unknown-8bit?q?_Content_preview=3A__Also_refresh_patches=2E_Upstream_hosta?=
	=?unknown-8bit?q?pd_status=3A_https=3A//patchwork=2Eozlabs=2Eorg/project/ho?=
	=?unknown-8bit?q?stap/patch/20230126091539=2E2325752-1-raphael=2Emelotte=40?=
	=?unknown-8bit?q?mind=2Ebe/?=
	=?unknown-8bit?q?_Signed-off-by=3A_Rapha=C3=ABl_M=C3=A9lotte_=3Craphael=2Eme?=
	=?unknown-8bit?q?lotte=40mind=2Ebe=3E_---_=2E=2E=2E-ignore-data-frames-from?=
	=?unknown-8bit?q?-unknown-sta=2Epatch?=
	=?unknown-8bit?q?_=7C_72_+++++++++++++++++++_=2E=2E=2E/hostapd/patches/700-w?=
	=?unknown-8bit?q?ifi-reload=2Epatch_=7C_2_+-?=
	=?unknown-8bit?b?IC4uLi9wYXRjaGVzLzcyMC1pIFsuLi5dIA==?=
	=?unknown-8bit?q?_?=
	=?unknown-8bit?q?_Content_analysis_details=3A___=280=2E1_points=2C_5=2E0_req?=
	=?unknown-8bit?q?uired=29?=
	=?unknown-8bit?q?_?=
	=?unknown-8bit?q?_pts_rule_name______________description?=
	=?unknown-8bit?q?_----_----------------------_------------------------------?=
	=?unknown-8bit?q?--------------------?=
	=?unknown-8bit?q?_-0=2E0_RCVD=5FIN=5FDNSWL=5FNONE_____RBL=3A_Sender_listed_a?=
	=?unknown-8bit?q?t_https=3A//www=2Ednswl=2Eorg/=2C?=
	=?unknown-8bit?q?_no_trust?=
	=?unknown-8bit?b?IFsyYTAwOjE0NTA6NDg2NDoyMDowOjA6MDo2MzMgbGlzdGVkIGluXQ==?=
	=?unknown-8bit?b?IFtsaXN0LmRuc3dsLm9yZ10=?=
	=?unknown-8bit?q?_-0=2E0_SPF=5FPASS_______________SPF=3A_sender_matches_SPF_?=
	=?unknown-8bit?q?record?=
	=?unknown-8bit?q?_0=2E0_SPF=5FHELO=5FNONE__________SPF=3A_HELO_does_not_publ?=
	=?unknown-8bit?q?ish_an_SPF_Record?=
	=?unknown-8bit?q?_0=2E2_HEADER=5FFROM=5FDIFFERENT=5FDOMAINS_From_and_Envelop?=
	=?unknown-8bit?q?eFrom_2nd_level?=
	=?unknown-8bit?q?_mail_domains_are_different?=
	=?unknown-8bit?q?_-0=2E1_DKIM=5FVALID=5FAU__________Message_has_a_valid_DKIM?=
	=?unknown-8bit?q?_or_DK_signature_from?=
	=?unknown-8bit?q?_author=27s_domain?=
	=?unknown-8bit?q?_-0=2E1_DKIM=5FVALID_____________Message_has_at_least_one_v?=
	=?unknown-8bit?q?alid_DKIM_or_DK_signature?=
	=?unknown-8bit?q?_0=2E1_DKIM=5FSIGNED____________Message_has_a_DKIM_or_DK_si?=
	=?unknown-8bit?q?gnature=2C_not_necessarily?=
	=?unknown-8bit?q?_valid?=
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Also refresh patches.

Upstream hostapd status:
https://patchwork.ozlabs.org/project/hostap/patch/20230126091539.2325752-1-raphael.melotte@mind.be/

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
---
 ...-ignore-data-frames-from-unknown-sta.patch | 72 +++++++++++++++++++
 .../hostapd/patches/700-wifi-reload.patch     |  2 +-
 .../patches/720-iface_max_num_sta.patch       |  2 +-
 3 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch

diff --git a/package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch b/package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch
new file mode 100644
index 0000000000..931c080a41
--- /dev/null
+++ b/package/network/services/hostapd/patches/630-add-ignore-data-frames-from-unknown-sta.patch
@@ -0,0 +1,72 @@
+From cb949726fc6194c608027f2556c00b262c6b8b34 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rapha=C3=ABl=20M=C3=A9lotte?= <raphael.melotte@mind.be>
+Date: Tue, 24 Jan 2023 14:15:09 +0100
+Subject: [PATCH] hostapd: add option to ignore data frames from unknown
+ stations
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When an external process manages hostapd, it can be needed to
+temporarily ignore class 3 frames from unknown stations until hostapd
+can be made aware of the station.
+
+Add a new option that, when set, makes hostapd ignore class 3 frames
+from unknown stations. When the option is not set, the behavior stays
+the same as before (i.e. unknown stations are deauthenticated).
+
+Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
+---
+ hostapd/config_file.c | 2 ++
+ hostapd/hostapd.conf  | 5 +++++
+ src/ap/ap_config.h    | 2 ++
+ src/ap/ieee802_11.c   | 2 +-
+ 4 files changed, 10 insertions(+), 1 deletion(-)
+
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -4459,6 +4459,8 @@ static int hostapd_config_fill(struct ho
+ 		bss->broadcast_deauth = atoi(pos);
+ 	} else if (os_strcmp(buf, "notify_mgmt_frames") == 0) {
+ 		bss->notify_mgmt_frames = atoi(pos);
++	} else if (os_strcmp(buf, "no_deauth_unknown_sta") == 0) {
++		bss->no_deauth_unknown_sta = atoi(pos);
+ #ifdef CONFIG_DPP
+ 	} else if (os_strcmp(buf, "dpp_name") == 0) {
+ 		os_free(bss->dpp_name);
+--- a/hostapd/hostapd.conf
++++ b/hostapd/hostapd.conf
+@@ -591,6 +591,11 @@ wmm_ac_vo_acm=0
+ # Default: 0 (disabled)
+ #notify_mgmt_frames=0
+ 
++# Do not deauthenticate unknown stations.
++# This can be used to temporarily ignore data frames from unknown
++# stations, instead of deauthenticating them.
++#no_deauth_unknown_sta=0
++
+ ##### IEEE 802.11n related configuration ######################################
+ 
+ # ieee80211n: Whether IEEE 802.11n (HT) is enabled
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -750,6 +750,8 @@ struct hostapd_bss_config {
+ 
+ 	int broadcast_deauth;
+ 
++	int no_deauth_unknown_sta;
++
+ 	int notify_mgmt_frames;
+ 
+ #ifdef CONFIG_DPP
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -6964,7 +6964,7 @@ void ieee802_11_rx_from_unknown(struct h
+ 		hostapd_drv_sta_disassoc(
+ 			hapd, src,
+ 			WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
+-	else
++	else if (!hapd->conf->no_deauth_unknown_sta)
+ 		hostapd_drv_sta_deauth(
+ 			hapd, src,
+ 			WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
diff --git a/package/network/services/hostapd/patches/700-wifi-reload.patch b/package/network/services/hostapd/patches/700-wifi-reload.patch
index 174127df6e..28916dca7e 100644
--- a/package/network/services/hostapd/patches/700-wifi-reload.patch
+++ b/package/network/services/hostapd/patches/700-wifi-reload.patch
@@ -47,7 +47,7 @@
  	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
  
  	unsigned int logger_syslog; /* module bitfield */
-@@ -969,6 +971,7 @@ struct eht_phy_capabilities_info {
+@@ -971,6 +973,7 @@ struct eht_phy_capabilities_info {
  struct hostapd_config {
  	struct hostapd_bss_config **bss, *last_bss;
  	size_t num_bss;
diff --git a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
index ed76d22dd0..e5d91700af 100644
--- a/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
+++ b/package/network/services/hostapd/patches/720-iface_max_num_sta.patch
@@ -71,7 +71,7 @@
  			   " since no room for additional STA",
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -1010,6 +1010,8 @@ struct hostapd_config {
+@@ -1012,6 +1012,8 @@ struct hostapd_config {
  	unsigned int track_sta_max_num;
  	unsigned int track_sta_max_age;