From cccf9b028416f41e401166cfa23ef5714ae9f606 Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Wed, 2 Dec 2020 08:49:34 +0100
Subject: [PATCH 23/25] hostapd: add the TIP tweaks

Signed-off-by: John Crispin <john@phrozen.org>
---
 package/network/services/hostapd/Makefile     |   2 +-
 .../hostapd/files/hostapd-full.config         |   4 +-
 .../network/services/hostapd/files/hostapd.sh | 126 +++++++++++++++---
 .../network/services/hostapd/files/wpad.init  |   4 +-
 ..._request-ignore-when-rssi-is-too-low.patch |  68 ++++++++++
 5 files changed, 177 insertions(+), 27 deletions(-)
 create mode 100644 package/network/services/hostapd/patches/800-probe_request-ignore-when-rssi-is-too-low.patch

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 1e20b56200..cec7e723b6 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -109,7 +109,7 @@ ifeq ($(SSL_VARIANT),openssl)
     DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y
   endif
   ifeq ($(LOCAL_VARIANT),full)
-    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
+    DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_HS20=y CONFIG_INTERWORKING=y
   endif
 endif
 
diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
index df272e443a..b0a7e3f857 100644
--- a/package/network/services/hostapd/files/hostapd-full.config
+++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -371,9 +371,9 @@ CONFIG_INTERWORKING=y
 CONFIG_TAXONOMY=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
+CONFIG_FILS=y
 # FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
+CONFIG_FILS_SK_PFS=y
 
 # Include internal line edit mode in hostapd_cli. This can be used to provide
 # limited command line editing and history support.
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index a41254d6db..b64dea549c 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -45,6 +45,7 @@ hostapd_append_wpa_key_mgmt() {
 			append wpa_key_mgmt "WPA-$auth_type_l"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
+			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
@@ -104,6 +105,7 @@ hostapd_common_add_device_config() {
 	config_add_array hostapd_options
 
 	config_add_int airtime_mode
+	config_add_boolean multiple_bssid rnr_beacon he_co_locate ema
 
 	hostapd_add_log_config
 }
@@ -116,7 +118,8 @@ hostapd_prepare_device_config() {
 	local base_cfg=
 
 	json_get_vars country country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
-		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density
+		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
+		multiple_bssid he_co_locate rnr_beacon ema
 
 	hostapd_set_log_options base_cfg
 
@@ -126,7 +129,11 @@ hostapd_prepare_device_config() {
 	set_default legacy_rates 1
 	set_default airtime_mode 0
 	set_default cell_density 0
-
+	set_default multiple_bssid 0
+	set_default rnr_beacon 0
+	set_default he_co_locate 0
+	set_default ema 0
+ 
 	[ -n "$country" ] && {
 		append base_cfg "country_code=$country" "$N"
 
@@ -212,6 +219,10 @@ hostapd_prepare_device_config() {
 	append base_cfg "beacon_int=$beacon_int" "$N"
 	append base_cfg "dtim_period=$dtim_period" "$N"
 	[ "$airtime_mode" -gt 0 ] && append base_cfg "airtime_mode=$airtime_mode" "$N"
+	[ "$multiple_bssid" -gt 0 ] && append base_cfg "multiple_bssid=$multiple_bssid" "$N"
+	[ "$rnr_beacon" -gt 0 ] && append base_cfg "rnr_beacon=$rnr_beacon" "$N"
+	[ "$ema" -gt 0 ] && append base_cfg "ema=$ema" "$N"
+	[ "$he_co_locate" -gt 0 ] && append base_cfg "he_co_locate=$he_co_locate" "$N"
 
 	json_get_values opts hostapd_options
 	for val in $opts; do
@@ -241,6 +252,7 @@ hostapd_common_add_bss_config() {
 
 	config_add_boolean rsn_preauth auth_cache
 	config_add_int ieee80211w
+	config_add_int ieee80211ai
 	config_add_int eapol_version
 
 	config_add_string 'auth_server:host' 'server:host'
@@ -318,6 +330,10 @@ hostapd_common_add_bss_config() {
 	config_add_string iw_hessid iw_network_auth_type iw_qos_map_set
 	config_add_array iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
 	config_add_array iw_anqp_elem
+	
+	config_add_int beacon_rate
+	config_add_int rssi_reject_assoc_rssi
+	config_add_int rssi_ignore_probe_request
 
 	config_add_boolean hs20 disable_dgaf osen
 	config_add_int anqp_domain_id
@@ -326,10 +342,21 @@ hostapd_common_add_bss_config() {
 	config_add_array osu_provider
 	config_add_array operator_icon
 	config_add_array hs20_conn_capab
+	config_add_array roaming_consortium
+	config_add_array venue_name
+	config_add_array venue_url
+	config_add_array nai_realm
 	config_add_string osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
 
+	config_add_boolean interworking internet
+	config_add_int access_network_type asra esr uesa venue_group venue_type ipaddr_type_availability \
+		gas_address3
+	config_add_string hessid network_auth_type \
+		anqp_3gpp_cell_net anqp_elem domain_name qos_map_set hs20_t_c_server_url
+
 	config_add_array airtime_sta_weight
 	config_add_int airtime_bss_weight airtime_bss_limit
+	config_add_int rts_threshold
 }
 
 hostapd_set_vlan_file() {
@@ -393,12 +420,28 @@ append_iw_nai_realm() {
 	[ -n "$1" ] && append bss_conf "nai_realm=$1" "$N"
 }
 
+append_roaming_consortium() {
+	[ -n "$1" ] && append bss_conf "roaming_consortium=$1" "$N"
+}
+
+append_venue_name() {
+	[ -n "$1" ] && append bss_conf "venue_name=$1" "$N"
+}
+
+append_venue_url() {
+	[ -n "$1" ] && append bss_conf "venue_url=$1" "$N"
+}
+
+append_nai_realm() {
+	[ -n "$1" ] && append bss_conf "nai_realm=$1" "$N"
+}
+
 append_hs20_oper_friendly_name() {
-	append bss_conf "hs20_oper_friendly_name=$1" "$N"
+	[ -n "$1" ] && append bss_conf "hs20_oper_friendly_name=$1" "$N"
 }
 
 append_osu_provider_service_desc() {
-	append bss_conf "osu_service_desc=$1" "$N"
+	[ -n "$1" ] && append bss_conf "osu_service_desc=$1" "$N"
 }
 
 append_hs20_icon() {
@@ -418,15 +461,15 @@ append_hs20_icons() {
 }
 
 append_operator_icon() {
-	append bss_conf "operator_icon=$1" "$N"
+	[ -n "$1" ] && append bss_conf "operator_icon=$1" "$N"
 }
 
 append_osu_icon() {
-	append bss_conf "osu_icon=$1" "$N"
+	[ -n "$1" ] && append bss_conf "osu_icon=$1" "$N"
 }
 
 append_osu_provider() {
-	local cfgtype osu_server_uri osu_friendly_name osu_nai osu_nai2 osu_method_list 
+	local cfgtype osu_server_uri osu_nai osu_nai2 osu_method_list
 
 	config_load wireless
 	config_get cfgtype "$1" TYPE
@@ -438,12 +481,13 @@ append_osu_provider() {
 	config_get osu_nai2 "$1" osu_nai2
 	config_get osu_method_list "$1" osu_method
 
-	append bss_conf "osu_server_uri=$osu_server_uri" "$N"
-	append bss_conf "osu_nai=$osu_nai" "$N"
-	append bss_conf "osu_nai2=$osu_nai2" "$N"
-	append bss_conf "osu_method_list=$osu_method_list" "$N"
+	[ -n "$osu_server_uri" ] append bss_conf "osu_server_uri=$osu_server_uri" "$N"
+	[ -n "$osu_nai" ] append bss_conf "osu_nai=$osu_nai" "$N"
+	[ -n "$osu_nai2" ] append bss_conf "osu_nai2=$osu_nai2" "$N"
+	[ -n "$osu_method_list" ] append bss_conf "osu_method_list=$osu_method_list" "$N"
 
 	config_list_foreach "$1" osu_service_desc append_osu_provider_service_desc
+	config_list_foreach "$1" osu_friendly_name append_osu_friendly_name
 	config_list_foreach "$1" osu_icon append_osu_icon
 
 	append bss_conf "$N"
@@ -474,11 +518,12 @@ hostapd_set_bss_options() {
 		wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \
 		wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \
 		macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
-		iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
+		iapp_interface eapol_version dynamic_vlan ieee80211w ieee80211ai nasid \
 		acct_server acct_secret acct_port acct_interval \
 		bss_load_update_period chan_util_avg_period sae_require_mfp \
 		multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key \
-		airtime_bss_weight airtime_bss_limit airtime_sta_weight
+		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
+		rssi_reject_assoc_rssi rssi_ignore_probe_request rts_threshold 
 
 	set_default isolate 0
 	set_default maxassoc 0
@@ -498,6 +543,9 @@ hostapd_set_bss_options() {
 	set_default multi_ap 0
 	set_default airtime_bss_weight 0
 	set_default airtime_bss_limit 0
+	set_default rssi_reject_assoc_rssi 0
+	set_default rssi_ignore_probe_request 0
+	set_default rts_threshold -1
 
 	append bss_conf "ctrl_interface=/var/run/hostapd"
 	if [ "$isolate" -gt 0 ]; then
@@ -523,6 +571,9 @@ hostapd_set_bss_options() {
 	append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N"
 	append bss_conf "utf8_ssid=$utf8_ssid" "$N"
 	append bss_conf "multi_ap=$multi_ap" "$N"
+	append bss_conf "rssi_reject_assoc_rssi=$rssi_reject_assoc_rssi" "$N"
+	append bss_conf "rssi_ignore_probe_request=$rssi_ignore_probe_request" "$N"
+	append bss_conf "rts_threshold=$rts_threshold" "$N"
 
 	[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
 
@@ -911,9 +962,17 @@ hostapd_set_bss_options() {
 
 
 	local hs20 disable_dgaf osen anqp_domain_id hs20_deauth_req_timeout \
-		osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
+		osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp \
+		interworking internet access_network_type asra esr uesa venue_group venue_type \
+		ipaddr_type_availability  gas_address3 hessid \
+		network_auth_type anqp_3gpp_cell_net domain_name anqp_elem qos_map_set \
+		hs20_t_c_server_url
 	json_get_vars hs20 disable_dgaf osen anqp_domain_id hs20_deauth_req_timeout \
-		osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp
+		osu_ssid hs20_wan_metrics hs20_operating_class hs20_t_c_filename hs20_t_c_timestamp \
+		interworking internet access_network_type asra esr uesa venue_group venue_type \
+		ipaddr_type_availability  gas_address3 hessid \
+		network_auth_type anqp_3gpp_cell_net domain_name anqp_elem qos_map_set \
+		hs20_t_c_server_url
 
 	set_default hs20 0
 	set_default disable_dgaf $hs20
@@ -923,19 +982,42 @@ hostapd_set_bss_options() {
 	if [ "$hs20" = "1" ]; then
 		append bss_conf "hs20=1" "$N"
 		append_hs20_icons
-		append bss_conf "disable_dgaf=$disable_dgaf" "$N"
-		append bss_conf "osen=$osen" "$N"
-		append bss_conf "anqp_domain_id=$anqp_domain_id" "$N"
-		append bss_conf "hs20_deauth_req_timeout=$hs20_deauth_req_timeout" "$N"
+		[ -n "$disable_dgaf"] && append bss_conf "disable_dgaf=$disable_dgaf" "$N"
+		[ -n "$osen"] && append bss_conf "osen=$osen" "$N"
+		[ -n "$anqp_domain_id"] && append bss_conf "anqp_domain_id=$anqp_domain_id" "$N"
+		[ -n "$hs20_deauth_req_timeout"] && append bss_conf "hs20_deauth_req_timeout=$hs20_deauth_req_timeout" "$N"
 		[ -n "$osu_ssid" ] && append bss_conf "osu_ssid=$osu_ssid" "$N"
 		[ -n "$hs20_wan_metrics" ] && append bss_conf "hs20_wan_metrics=$hs20_wan_metrics" "$N"
 		[ -n "$hs20_operating_class" ] && append bss_conf "hs20_operating_class=$hs20_operating_class" "$N"
 		[ -n "$hs20_t_c_filename" ] && append bss_conf "hs20_t_c_filename=$hs20_t_c_filename" "$N"
 		[ -n "$hs20_t_c_timestamp" ] && append bss_conf "hs20_t_c_timestamp=$hs20_t_c_timestamp" "$N"
+		json_for_each_item append_hs20_oper_friendly_name hs20_oper_friendly_name
+		json_for_each_item append_roaming_consortium roaming_consortium
+		json_for_each_item append_venue_name venue_name
+		json_for_each_item append_venue_url venue_url
+		json_for_each_item append_nai_realm nai_realm
 		json_for_each_item append_hs20_conn_capab hs20_conn_capab
 		json_for_each_item append_hs20_oper_friendly_name hs20_oper_friendly_name
 		json_for_each_item append_osu_provider osu_provider
 		json_for_each_item append_operator_icon operator_icon
+		[ -n "$interworking" ] && append bss_conf "interworking=$interworking" "$N"
+		[ -n "$internet" ] && append bss_conf "internet=$internet" "$N"
+		[ -n "$access_network_type" ] && append bss_conf "access_network_type=$access_network_type" "$N"
+		[ -n "$asra" ] && append bss_conf "asra=$asra" "$N"
+		[ -n "$esr" ] && append bss_conf "esr=$esr" "$N"
+		[ -n "$uesa" ] && append bss_conf "uesa=$uesa" "$N"
+		[ -n "$venue_group" ] && append bss_conf "venue_group=$venue_group" "$N"
+		[ -n "$venue_type" ] && append bss_conf "venue_type=$venue_type" "$N"
+		[ -n "$ipaddr_type_availability" ] && append bss_conf "ipaddr_type_availability=$ipaddr_type_availability" "$N"
+		[ -n "$gas_address3" ] && append bss_conf "gas_address3=$gas_address3" "$N"
+		[ -n "$hessid" ] && append bss_conf "hessid=$hessid" "$N"
+		[ -n "$network_auth_type" ] && append bss_conf "network_auth_type=$network_auth_type" "$N"
+		[ -n "$anqp_3gpp_cell_net" ] && append bss_conf "anqp_3gpp_cell_net=$anqp_3gpp_cell_net" "$N"
+		[ -n "$nai_realm" ] && append bss_conf "nai_realm=$nai_realm" "$N"
+		[ -n "$anqp_elem" ] && append bss_conf "anqp_elem=$anqp_elem" "$N"
+		[ -n "$qos_map_set" ] && append bss_conf "qos_map_set=$qos_map_set" "$N"
+		[ -n "$domain_name" ] && append bss_conf "domain_name=$domain_name" "$N"
+		[ -n "$hs20_t_c_server_url" ] && append bss_conf "hs20_t_c_server_url=$hs20_t_c_server_url" "$N"
 	fi
 
 	bss_md5sum=$(echo $bss_conf | md5sum | cut -d" " -f1)
@@ -1058,9 +1140,9 @@ wpa_supplicant_set_fixed_freq() {
 		VHT*) append network_data "vht=1" "$N$T";;
 	esac
 	case "$htmode" in
-		VHT80) append network_data "max_oper_chwidth=1" "$N$T";;
-		VHT160) append network_data "max_oper_chwidth=2" "$N$T";;
-		VHT20|VHT40) append network_data "max_oper_chwidth=0" "$N$T";;
+		VHT80|HE80) append network_data "max_oper_chwidth=1" "$N$T";;
+		VHT160|HE160) append network_data "max_oper_chwidth=2" "$N$T";;
+		VHT20|HE20|VHT40|HE40) append network_data "max_oper_chwidth=0" "$N$T";;
 		*) append network_data "disable_vht=1" "$N$T";;
 	esac
 }
diff --git a/package/network/services/hostapd/files/wpad.init b/package/network/services/hostapd/files/wpad.init
index 3198e9801f..e2cd380cb5 100644
--- a/package/network/services/hostapd/files/wpad.init
+++ b/package/network/services/hostapd/files/wpad.init
@@ -11,7 +11,7 @@ start_service() {
 		mkdir -p /var/run/hostapd
 		procd_open_instance hostapd
 		procd_set_param command /usr/sbin/hostapd -s -g /var/run/hostapd/global
-		procd_set_param respawn
+		procd_set_param respawn 3600 5 0
 		procd_close_instance
 	fi
 
@@ -19,7 +19,7 @@ start_service() {
 		mkdir -p /var/run/wpa_supplicant
 		procd_open_instance supplicant
 		procd_set_param command /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_supplicant/global
-		procd_set_param respawn
+		procd_set_param respawn 3600 5 0
 		procd_close_instance
 	fi
 }
diff --git a/package/network/services/hostapd/patches/800-probe_request-ignore-when-rssi-is-too-low.patch b/package/network/services/hostapd/patches/800-probe_request-ignore-when-rssi-is-too-low.patch
new file mode 100644
index 0000000000..182a3bb866
--- /dev/null
+++ b/package/network/services/hostapd/patches/800-probe_request-ignore-when-rssi-is-too-low.patch
@@ -0,0 +1,68 @@
+From e15b04870a7d7517a9b129d8d5cbebe6b8a25cb8 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Wed, 29 Jul 2020 17:38:15 +0200
+Subject: [PATCH 1/2] probe_request: ignore when rssi is too low
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ hostapd/config_file.c | 2 ++
+ src/ap/ap_config.c    | 1 +
+ src/ap/ap_config.h    | 1 +
+ src/ap/beacon.c       | 4 ++++
+ 4 files changed, 8 insertions(+)
+
+diff --git a/hostapd/config_file.c b/hostapd/config_file.c
+index 13396aad2..e0b182c8e 100644
+--- a/hostapd/config_file.c
++++ b/hostapd/config_file.c
+@@ -4454,6 +4454,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
+ 		conf->rssi_reject_assoc_rssi = atoi(pos);
+ 	} else if (os_strcmp(buf, "rssi_reject_assoc_timeout") == 0) {
+ 		conf->rssi_reject_assoc_timeout = atoi(pos);
++	} else if (os_strcmp(buf, "rssi_ignore_probe_request") == 0) {
++		conf->rssi_ignore_probe_request = atoi(pos);
+ 	} else if (os_strcmp(buf, "pbss") == 0) {
+ 		bss->pbss = atoi(pos);
+ 	} else if (os_strcmp(buf, "transition_disable") == 0) {
+diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
+index 56a4ac388..088bb831a 100644
+--- a/src/ap/ap_config.c
++++ b/src/ap/ap_config.c
+@@ -277,6 +277,7 @@ struct hostapd_config * hostapd_config_defaults(void)
+ 
+ 	conf->rssi_reject_assoc_rssi = 0;
+ 	conf->rssi_reject_assoc_timeout = 30;
++	conf->rssi_ignore_probe_request = 0;
+ 
+ #ifdef CONFIG_AIRTIME_POLICY
+ 	conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
+diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
+index 7fe418363..a69a8d324 100644
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -1042,6 +1042,7 @@ struct hostapd_config {
+ 
+ 	int rssi_reject_assoc_rssi;
+ 	int rssi_reject_assoc_timeout;
++	int rssi_ignore_probe_request;
+ 
+ #ifdef CONFIG_AIRTIME_POLICY
+ 	enum {
+diff --git a/src/ap/beacon.c b/src/ap/beacon.c
+index ffb2e04d1..21fe04c2f 100644
+--- a/src/ap/beacon.c
++++ b/src/ap/beacon.c
+@@ -829,6 +829,10 @@ void handle_probe_req(struct hostapd_data *hapd,
+ 	struct radius_sta rad_info;
+ 	struct hostapd_data *resp_bss = hapd;
+ 
++	if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
++	    ssi_signal < hapd->iconf->rssi_ignore_probe_request)
++		return;
++
+ 	if (len < IEEE80211_HDRLEN)
+ 		return;
+ 	ie = ((const u8 *) mgmt) + IEEE80211_HDRLEN;
+-- 
+2.25.1
+
-- 
2.25.1