hostapd: emit ubus key-mismatch event for SAE confirm failures

author Felix Fietkau <nbd@nbd.name>

Mon, 4 May 2026 07:58:40 +0000 (07:58 +0000)

committer Felix Fietkau <nbd@nbd.name>

Mon, 4 May 2026 14:29:37 +0000 (16:29 +0200)
author Felix Fietkau <nbd@nbd.name>
Mon, 4 May 2026 07:58:40 +0000 (07:58 +0000)
committer Felix Fietkau <nbd@nbd.name>
Mon, 4 May 2026 14:29:37 +0000 (16:29 +0200)
diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch

index 675993b4335a85228271da0b51a3c6fa0d974284..290f2e8e4a8c92d61fad671d518f0560782c329d 100644 (file)
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -195,7 +195,15 @@ probe/assoc/auth requests via object subscribe.
   struct hostapd_iface * hostapd_alloc_iface(void);
  --- a/src/ap/ieee802_11.c
  +++ b/src/ap/ieee802_11.c
-@@ -4077,7 +4077,7 @@ static void handle_auth(struct hostapd_d
+@@ -2026,6 +2026,7 @@ static void handle_auth_sae(struct hosta
+ 
+                       if (sae_check_confirm(sta->sae, var, var_len,
+                                             NULL) < 0) {
++                              hostapd_ubus_notify(hapd, "key-mismatch", sta->addr);
+                               if (sae_password_track_fail(hapd, sta)) {
+                                       wpa_printf(MSG_DEBUG,
+                                                  "SAE: Reject mismatching Confirm so that another password can be attempted by "
+@@ -4077,7 +4078,7 @@ static void handle_auth(struct hostapd_d
         u16 auth_alg, auth_transaction, status_code;
         u16 resp = WLAN_STATUS_SUCCESS;
         struct sta_info *sta = NULL;
@@ -204,7 +212,7 @@ probe/assoc/auth requests via object subscribe.
         u16 fc;
         const u8 *challenge = NULL;
         u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
-@@ -4116,6 +4116,11 @@ static void handle_auth(struct hostapd_d
+@@ -4116,6 +4117,11 @@ static void handle_auth(struct hostapd_d
         else
                 sa = mgmt->sa;
   #endif /* CONFIG_IEEE80211BE */
@@ -216,7 +224,7 @@ probe/assoc/auth requests via object subscribe.
   
         auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
         auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
-@@ -4306,6 +4311,13 @@ static void handle_auth(struct hostapd_d
+@@ -4306,6 +4312,13 @@ static void handle_auth(struct hostapd_d
                 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
                 goto fail;
         }
@@ -230,7 +238,7 @@ probe/assoc/auth requests via object subscribe.
         if (res == HOSTAPD_ACL_PENDING)
                 return;
   
-@@ -6999,7 +7011,7 @@ static void handle_assoc(struct hostapd_
+@@ -6999,7 +7012,7 @@ static void handle_assoc(struct hostapd_
         int resp = WLAN_STATUS_SUCCESS;
         u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
         const u8 *pos;
@@ -239,7 +247,7 @@ probe/assoc/auth requests via object subscribe.
         struct sta_info *sta;
         u8 *tmp = NULL;
   #ifdef CONFIG_FILS
-@@ -7255,6 +7267,11 @@ static void handle_assoc(struct hostapd_
+@@ -7255,6 +7268,11 @@ static void handle_assoc(struct hostapd_
                 left = res;
         }
   #endif /* CONFIG_FILS */
@@ -251,7 +259,7 @@ probe/assoc/auth requests via object subscribe.
   
         /* followed by SSID and Supported rates; and HT capabilities if 802.11n
          * is used */
-@@ -7347,6 +7364,7 @@ static void handle_assoc(struct hostapd_
+@@ -7347,6 +7365,7 @@ static void handle_assoc(struct hostapd_
   
   #ifdef CONFIG_TAXONOMY
         taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
@@ -259,7 +267,7 @@ probe/assoc/auth requests via object subscribe.
   #endif /* CONFIG_TAXONOMY */
   
         sta->pending_wds_enable = 0;
-@@ -7360,6 +7378,13 @@ static void handle_assoc(struct hostapd_
+@@ -7360,6 +7379,13 @@ static void handle_assoc(struct hostapd_
         }
   #endif /* CONFIG_FILS */
   
@@ -273,7 +281,7 @@ probe/assoc/auth requests via object subscribe.
    fail:
   
         /*
-@@ -7598,6 +7623,7 @@ static void handle_disassoc(struct hosta
+@@ -7598,6 +7624,7 @@ static void handle_disassoc(struct hosta
                            (unsigned long) len);
                 return;
         }
@@ -281,7 +289,7 @@ probe/assoc/auth requests via object subscribe.
   
         sta = ap_get_sta(hapd, mgmt->sa);
         if (!sta) {
-@@ -7629,6 +7655,8 @@ static void handle_deauth(struct hostapd
+@@ -7629,6 +7656,8 @@ static void handle_deauth(struct hostapd
         /* Clear the PTKSA cache entries for PASN */
         ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
   
diff --git a/package/network/services/hostapd/patches/601-ucode_support.patch b/package/network/services/hostapd/patches/601-ucode_support.patch

index 7a8c7b898bdc87d3a223aefdcf7810cf2b4b5561..ab68d70eb0bd7a24dc07dc76f430bff868ae2e22 100644 (file)
--- a/package/network/services/hostapd/patches/601-ucode_support.patch
+++ b/package/network/services/hostapd/patches/601-ucode_support.patch
@@ -494,7 +494,7 @@ as adding/removing interfaces.
                 }
         }
   
-@@ -4466,6 +4489,12 @@ static void handle_auth(struct hostapd_d
+@@ -4467,6 +4490,12 @@ static void handle_auth(struct hostapd_d
                 goto fail;
         }
   
diff --git a/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch b/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch

index ae548c54e87ad83fb3adfc91ea659c918fe2633f..d0f4d8ffaf08bda01a3faf7b1648d85b092a9eac 100644 (file)
--- a/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch
+++ b/package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch
@@ -373,7 +373,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6
   
   #ifdef CONFIG_FILS
   static struct wpabuf *
-@@ -4868,8 +4871,8 @@ static u16 check_multi_ap(struct hostapd
+@@ -4869,8 +4872,8 @@ static u16 check_multi_ap(struct hostapd
   }
   
   
@@ -384,7 +384,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6
   {
         /* Supported rates not used in IEEE 802.11ad/DMG */
         if (hapd->iface->current_mode &&
-@@ -5337,7 +5340,7 @@ static int __check_assoc_ies(struct host
+@@ -5338,7 +5341,7 @@ static int __check_assoc_ies(struct host
                                elems->ext_capab_len);
         if (resp != WLAN_STATUS_SUCCESS)
                 goto out;
@@ -393,7 +393,7 @@ Hotfix-by: Sebastian Gottschall https://github.com/mirror/dd-wrt/commit/0c3001a6
         if (resp != WLAN_STATUS_SUCCESS)
                 goto out;
   
-@@ -7719,6 +7722,11 @@ static void handle_beacon(struct hostapd
+@@ -7720,6 +7723,11 @@ static void handle_beacon(struct hostapd
                                       0);
   
         ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
author	Felix Fietkau <nbd@nbd.name>
	Mon, 4 May 2026 07:58:40 +0000 (07:58 +0000)
committer	Felix Fietkau <nbd@nbd.name>
	Mon, 4 May 2026 14:29:37 +0000 (16:29 +0200)
package/network/services/hostapd/patches/600-ubus_support.patch		patch \| blob \| blame \| history
package/network/services/hostapd/patches/601-ucode_support.patch		patch \| blob \| blame \| history
package/network/services/hostapd/patches/780-Implement-APuP-Access-Point-Micro-Peering.patch		patch \| blob \| blame \| history