hostapd: track ratelimit config and reload wifi when state changes

Fixes: WIFI-5701
Signed-off-by: John Crispin <john@phrozen.org>

backports/0019-hostapd-update-to-latest-HEAD.patch

@@ -1,14 +1,14 @@
-From 3ad2d6c00e559d5a55bf607f774229f59d3e738a Mon Sep 17 00:00:00 2001
+From 6e3370a4c785c2c245b77832960f1dbed2736192 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Sat, 4 Sep 2021 05:48:27 +0200
-Subject: [PATCH 01/59] hostapd: update to latest HEAD
+Subject: [PATCH 01/70] hostapd: update to latest HEAD
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
  package/network/services/hostapd/Makefile     |  15 +-
  .../hostapd/files/hostapd-basic.config        |   2 +-
  .../hostapd/files/hostapd-full.config         |   4 +-
- .../network/services/hostapd/files/hostapd.sh | 186 +++++++++---
+ .../network/services/hostapd/files/hostapd.sh | 188 +++++++++---
  ...-fix-frequency-setup-with-HE-enabled.patch | 196 -------------
  ...> 001-wolfssl-init-RNG-with-ECC-key.patch} |  11 +-
  ...-init-order-disable-pri-sec-channel-.patch | 126 --------
@@ -73,7 +73,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  .../services/hostapd/src/src/ap/ubus.c        | 214 +++++++++++++-
  .../services/hostapd/src/src/ap/ubus.h        |  16 +
  .../hostapd/src/src/utils/build_features.h    |   2 -
- 68 files changed, 1341 insertions(+), 2347 deletions(-)
+ 68 files changed, 1343 insertions(+), 2347 deletions(-)
  delete mode 100644 package/network/services/hostapd/patches/001-HE-VHT-fix-frequency-setup-with-HE-enabled.patch
  rename package/network/services/hostapd/patches/{802-wolfssl-init-RNG-with-ECC-key.patch => 001-wolfssl-init-RNG-with-ECC-key.patch} (76%)
  delete mode 100644 package/network/services/hostapd/patches/002-mesh-fix-channel-init-order-disable-pri-sec-channel-.patch
@@ -181,7 +181,7 @@ index df272e443a..61b6daf861 100644
  # EAP-SAKE for the integrated EAP server
  #CONFIG_EAP_SAKE=y
 diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
-index aa72e09eba..ba277fb079 100644
+index aa72e09eba..fe6af98f4d 100644
 --- a/package/network/services/hostapd/files/hostapd.sh
 +++ b/package/network/services/hostapd/files/hostapd.sh
 @@ -48,13 +48,17 @@ hostapd_append_wpa_key_mgmt() {
@@ -276,7 +276,7 @@ index aa72e09eba..ba277fb079 100644
 
  	config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
 
-@@ -319,23 +336,33 @@ hostapd_common_add_bss_config() {
+@@ -319,23 +336,35 @@ hostapd_common_add_bss_config() {
  	config_add_int iw_ipaddr_type_availability iw_gas_address3
  	config_add_string iw_hessid iw_network_auth_type iw_qos_map_set
  	config_add_array iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
@@ -310,10 +310,12 @@ index aa72e09eba..ba277fb079 100644
 +
 +	config_add_int eap_server
 +	config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id
++	
++	config_add_boolean ratelimit
  }
 
  hostapd_set_vlan_file() {
-@@ -387,7 +414,7 @@ append_iw_anqp_3gpp_cell_net() {
+@@ -387,7 +416,7 @@ append_iw_anqp_3gpp_cell_net() {
  	if [ -z "$iw_anqp_3gpp_cell_net_conf" ]; then
  		iw_anqp_3gpp_cell_net_conf="$1"
  	else
@@ -322,7 +324,7 @@ index aa72e09eba..ba277fb079 100644
  	fi
  }
 
-@@ -399,10 +426,22 @@ append_iw_nai_realm() {
+@@ -399,10 +428,22 @@ append_iw_nai_realm() {
  	[ -n "$1" ] && append bss_conf "nai_realm=$1" "$N"
  }
 
@@ -345,15 +347,15 @@ index aa72e09eba..ba277fb079 100644
  append_osu_provider_service_desc() {
  	append bss_conf "osu_service_desc=$1" "$N"
  }
-@@ -450,6 +489,7 @@ append_osu_provider() {
+@@ -450,6 +491,7 @@ append_osu_provider() {
  	append bss_conf "osu_method_list=$osu_method_list" "$N"
 
  	config_list_foreach "$1" osu_service_desc append_osu_provider_service_desc
 +	config_list_foreach "$1" osu_friendly_name append_osu_friendly_name
  	config_list_foreach "$1" osu_icon append_osu_icon
 
  	append bss_conf "$N"
-@@ -459,6 +499,14 @@ append_hs20_conn_capab() {
+@@ -459,6 +501,14 @@ append_hs20_conn_capab() {
  	[ -n "$1" ] && append bss_conf "hs20_conn_capab=$1" "$N"
  }
 
@@ -368,7 +370,7 @@ index aa72e09eba..ba277fb079 100644
  append_airtime_sta_weight() {
  	[ -n "$1" ] && append bss_conf "airtime_sta_weight=$1" "$N"
  }
-@@ -482,10 +530,12 @@ hostapd_set_bss_options() {
+@@ -482,10 +532,12 @@ hostapd_set_bss_options() {
  		macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
  		iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
  		acct_server acct_secret acct_port acct_interval \
@@ -383,23 +385,23 @@ index aa72e09eba..ba277fb079 100644
 
  	set_default isolate 0
  	set_default maxassoc 0
-@@ -506,6 +556,7 @@ hostapd_set_bss_options() {
+@@ -506,6 +558,7 @@ hostapd_set_bss_options() {
  	set_default multi_ap 0
  	set_default airtime_bss_weight 0
  	set_default airtime_bss_limit 0
 +	set_default eap_server 0
 
  	append bss_conf "ctrl_interface=/var/run/hostapd"
  	if [ "$isolate" -gt 0 ]; then
-@@ -532,6 +583,7 @@ hostapd_set_bss_options() {
+@@ -532,6 +585,7 @@ hostapd_set_bss_options() {
  	append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N"
  	append bss_conf "utf8_ssid=$utf8_ssid" "$N"
  	append bss_conf "multi_ap=$multi_ap" "$N"
 +	[ -n "$vendor_elements" ] && append bss_conf "vendor_elements=$vendor_elements" "$N"
 
  	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
 
-@@ -550,19 +602,21 @@ hostapd_set_bss_options() {
+@@ -550,19 +604,21 @@ hostapd_set_bss_options() {
  			append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
  		[ -n "$acct_interval" ] && \
  			append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
@@ -423,7 +425,7 @@ index aa72e09eba..ba277fb079 100644
 
  	local vlan_possible=""
 
-@@ -599,12 +653,12 @@ hostapd_set_bss_options() {
+@@ -599,12 +655,12 @@ hostapd_set_bss_options() {
  			vlan_possible=1
  			wps_possible=1
  		;;
@@ -438,7 +440,7 @@ index aa72e09eba..ba277fb079 100644
 
  			# radius can provide VLAN ID for clients
  			vlan_possible=1
-@@ -616,18 +670,22 @@ hostapd_set_bss_options() {
+@@ -616,18 +672,22 @@ hostapd_set_bss_options() {
 
  			set_default auth_port 1812
  			set_default dae_port 3799
@@ -465,7 +467,7 @@ index aa72e09eba..ba277fb079 100644
 
  			[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
  			[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
-@@ -699,7 +757,8 @@ hostapd_set_bss_options() {
+@@ -699,7 +759,8 @@ hostapd_set_bss_options() {
  	}
 
  	append bss_conf "ssid=$ssid" "$N"
@@ -475,7 +477,7 @@ index aa72e09eba..ba277fb079 100644
  	[ -n "$iapp_interface" ] && {
  		local ifname
  		network_get_device ifname "$iapp_interface" || ifname="$iapp_interface"
-@@ -740,7 +799,7 @@ hostapd_set_bss_options() {
+@@ -740,7 +801,7 @@ hostapd_set_bss_options() {
  			append bss_conf "ftm_responder=1" "$N"
  			[ "$stationary_ap" -eq "1" ] && append bss_conf "stationary_ap=1" "$N"
  			[ -n "$lci" ] && append bss_conf "lci=$lci" "$N"
@@ -484,15 +486,15 @@ index aa72e09eba..ba277fb079 100644
  		}
  	fi
 
-@@ -764,6 +823,7 @@ hostapd_set_bss_options() {
+@@ -764,6 +825,7 @@ hostapd_set_bss_options() {
  				;;
  			esac
 
 +			[ -n "$network_ifname" ] && append bss_conf "ft_iface=$network_ifname" "$N"
  			append bss_conf "mobility_domain=$mobility_domain" "$N"
  			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
  			append bss_conf "ft_over_ds=$ft_over_ds" "$N"
-@@ -778,6 +838,13 @@ hostapd_set_bss_options() {
+@@ -778,6 +840,13 @@ hostapd_set_bss_options() {
  				set_default r0_key_lifetime 10000
  				set_default pmk_r1_push 0
 
@@ -506,7 +508,7 @@ index aa72e09eba..ba277fb079 100644
  				[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
  				append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
  				append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
-@@ -822,7 +889,16 @@ hostapd_set_bss_options() {
+@@ -822,7 +891,16 @@ hostapd_set_bss_options() {
  				json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
  				append bss_conf "ieee80211w=$ieee80211w" "$N"
  				[ "$ieee80211w" -gt "0" ] && {
@@ -524,7 +526,7 @@ index aa72e09eba..ba277fb079 100644
  					[ -n "$ieee80211w_max_timeout" ] && \
  						append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
  					[ -n "$ieee80211w_retry_timeout" ] && \
-@@ -863,13 +939,17 @@ hostapd_set_bss_options() {
+@@ -863,13 +941,17 @@ hostapd_set_bss_options() {
  	}
 
  	[ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && {
@@ -544,15 +546,15 @@ index aa72e09eba..ba277fb079 100644
  		[ -n "$vlan_tagged_interface" ] && \
  			append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
  		[ -n "$vlan_file" ] && {
-@@ -882,6 +962,7 @@ hostapd_set_bss_options() {
+@@ -882,6 +964,7 @@ hostapd_set_bss_options() {
  	json_get_vars iw_hessid iw_venue_group iw_venue_type iw_network_auth_type
  	json_get_vars iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
  	json_get_vars iw_anqp_elem iw_qos_map_set iw_ipaddr_type_availability iw_gas_address3
 +	json_get_vars iw_venue_name iw_venue_url
 
  	set_default iw_enabled 0
  	if [ "$iw_enabled" = "1" ]; then
-@@ -905,11 +986,12 @@ hostapd_set_bss_options() {
+@@ -905,11 +988,12 @@ hostapd_set_bss_options() {
  		[ -n "$iw_network_auth_type" ] && \
  			append bss_conf "network_auth_type=$iw_network_auth_type" "$N"
  		[ -n "$iw_gas_address3" ] && append bss_conf "gas_address3=$iw_gas_address3" "$N"
@@ -566,7 +568,7 @@ index aa72e09eba..ba277fb079 100644
 
  		iw_domain_name_conf=
  		json_for_each_item append_iw_domain_name iw_domain_name
-@@ -922,13 +1004,22 @@ hostapd_set_bss_options() {
+@@ -922,13 +1006,22 @@ hostapd_set_bss_options() {
  			append bss_conf "anqp_3gpp_cell_net=$iw_anqp_3gpp_cell_net_conf" "$N"
  	fi
 
@@ -591,15 +593,15 @@ index aa72e09eba..ba277fb079 100644
  	set_default disable_dgaf $hs20
  	set_default osen 0
  	set_default anqp_domain_id 0
-@@ -936,6 +1027,7 @@ hostapd_set_bss_options() {
+@@ -936,6 +1029,7 @@ hostapd_set_bss_options() {
  	if [ "$hs20" = "1" ]; then
  		append bss_conf "hs20=1" "$N"
  		append_hs20_icons
 +		append bss_conf "hs20_release=$hs20_release" "$N"
  		append bss_conf "disable_dgaf=$disable_dgaf" "$N"
  		append bss_conf "osen=$osen" "$N"
  		append bss_conf "anqp_domain_id=$anqp_domain_id" "$N"
-@@ -945,16 +1037,31 @@ hostapd_set_bss_options() {
+@@ -945,16 +1039,31 @@ hostapd_set_bss_options() {
  		[ -n "$hs20_operating_class" ] && append bss_conf "hs20_operating_class=$hs20_operating_class" "$N"
  		[ -n "$hs20_t_c_filename" ] && append bss_conf "hs20_t_c_filename=$hs20_t_c_filename" "$N"
  		[ -n "$hs20_t_c_timestamp" ] && append bss_conf "hs20_t_c_timestamp=$hs20_t_c_timestamp" "$N"
@@ -632,7 +634,7 @@ index aa72e09eba..ba277fb079 100644
 
  	set_default per_sta_vif 0
  	if [ "$per_sta_vif" -gt 0 ]; then
-@@ -1079,16 +1186,16 @@ wpa_supplicant_set_fixed_freq() {
+@@ -1079,16 +1188,16 @@ wpa_supplicant_set_fixed_freq() {
  	append network_data "frequency=$freq" "$N$T"
  	case "$htmode" in
  		NOHT) append network_data "disable_ht=1" "$N$T";;
@@ -653,7 +655,7 @@ index aa72e09eba..ba277fb079 100644
  		*) append network_data "disable_vht=1" "$N$T";;
  	esac
  }
-@@ -1106,19 +1213,21 @@ wpa_supplicant_add_network() {
+@@ -1106,19 +1215,21 @@ wpa_supplicant_add_network() {
  		ssid bssid key \
  		basic_rate mcast_rate \
  		ieee80211w ieee80211r \
@@ -678,7 +680,7 @@ index aa72e09eba..ba277fb079 100644
 
  	local key_mgmt='NONE'
  	local network_data=
-@@ -1150,7 +1259,10 @@ wpa_supplicant_add_network() {
+@@ -1150,7 +1261,10 @@ wpa_supplicant_add_network() {
  		scan_ssid=""
  	}
 
@@ -690,7 +692,7 @@ index aa72e09eba..ba277fb079 100644
 
  	case "$auth_type" in
  		none) ;;
-@@ -1186,7 +1298,7 @@ wpa_supplicant_add_network() {
+@@ -1186,7 +1300,7 @@ wpa_supplicant_add_network() {
  			fi
  			append network_data "$passphrase" "$N$T"
  		;;

feeds/wifi-ax/hostapd/files/hostapd.sh

@@ -369,6 +369,8 @@ hostapd_common_add_bss_config() {
 
 	config_add_int eap_server
 	config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id
+
+	config_add_boolean ratelimit
 }
 
 hostapd_set_vlan_file() {