
hostapd: fix MAC filter related log spam

Backport two upstream fixes to address overly verbose logging of MAC ACL
rejection messages.

Fixes: FS#1468
Signed-off-by: Jo-Philipp Wich <[email protected]>
Jo-Philipp Wich 7 роки тому
коміт
3e633bb370

+ 1 - 1
package/network/services/hostapd/Makefile

@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git

+ 39 - 0
package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch

@@ -0,0 +1,39 @@
+From 6588f712220797c69dbd019daa19b82a50d92782 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <[email protected]>
+Date: Sun, 14 Oct 2018 19:57:22 +0300
+Subject: Reduce undesired logging of ACL rejection events from AP mode
+
+When Probe Request frame handling was extended to use MAC ACL through
+ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
+<addr> not allowed to authenticate") from that function ended up getting
+printed even for Probe Request frames. That was not by design and it can
+result in excessive logging and MSG_INFO level if MAC ACL is used.
+
+Fix this by printing this log entry only for authentication and
+association frames. In addition, drop the priority of that log entry to
+MSG_DEBUG since this is not really an unexpected behavior in most MAC
+ACL use cases.
+
+Fixes: 92eb00aec2a0 ("Extend ACL check for Probe Request frames")
+Signed-off-by: Jouni Malinen <[email protected]>
+---
+ src/ap/ieee802_11.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1636,9 +1636,11 @@ ieee802_11_allowed_address(struct hostap
+ 				      is_probe_req);
+ 
+ 	if (res == HOSTAPD_ACL_REJECT) {
+-		wpa_printf(MSG_INFO,
+-			   "Station " MACSTR " not allowed to authenticate",
+-			   MAC2STR(addr));
++		if (!is_probe_req)
++			wpa_printf(MSG_DEBUG,
++				   "Station " MACSTR
++				   " not allowed to authenticate",
++				   MAC2STR(addr));
+ 		return HOSTAPD_ACL_REJECT;
+ 	}
+ 
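Review bot: The added `if (!is_probe_req)` guard has no comment explaining why Probe Request rejections are silent while authentication and association rejections are still logged; the reason is given only in the patch description. A short comment above the guard would keep it visible in the source, for example `/* Probe Requests are frequent and unauthenticated; log ACL rejections only for auth/assoc frames */`. Separately, with the level dropped to `MSG_DEBUG`, rejected authentication attempts presumably no longer appear in the log at the default verbosity, so deployments that audit MAC ACL denials may need to raise the log level; that trade-off is worth stating in the commit text. The body of ieee802_11_allowed_address() starts and ends outside the hunk.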

+ 28 - 0
package/network/services/hostapd/patches/000-0002-Drop-logging-priority-for-handle_auth_cb.patch

@@ -0,0 +1,28 @@
+From dc1b1c8db7905639be6f4de8173e2d97bf6df90d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <[email protected]>
+Date: Sun, 14 Oct 2018 20:03:55 +0300
+Subject: Drop logging priority for handle_auth_cb no-STA-match messages
+
+This message was printed and MSG_INFO level which would be more
+reasonable for error cases where hostapd has accepted authentication.
+However, this is not really an error case for the cases where
+authentication was rejected (e.g., due to MAC ACL). Drop this to use
+MSG_DEBUG level.
+
+Signed-off-by: Jouni Malinen <[email protected]>
+---
+ src/ap/ieee802_11.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4018,7 +4018,8 @@ static void handle_auth_cb(struct hostap
+ 
+ 	sta = ap_get_sta(hapd, mgmt->da);
+ 	if (!sta) {
+-		wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
++		wpa_printf(MSG_DEBUG, "handle_auth_cb: STA " MACSTR
++			   " not found",
+ 			   MAC2STR(mgmt->da));
+ 		return;
+ 	}
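Review bot: The change to `MSG_DEBUG` on the `"handle_auth_cb: STA " MACSTR " not found"` message applies to every no-STA-match case, although the patch description itself says MSG_INFO would be reasonable when hostapd had accepted the authentication. The hunk does not show whether the callback can tell an accepted authentication from a rejected one at this point. If it cannot, a comment above the `wpa_printf` should record the choice, for example `/* Expected after a rejected authentication (e.g., MAC ACL), so not logged as an error */`. handle_auth_cb() continues outside the hunk.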

+ 10 - 10
package/network/services/hostapd/patches/600-ubus_support.patch

@@ -92,7 +92,7 @@
  		   __func__, driver, drv_priv);
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -1712,12 +1712,13 @@ ieee802_11_set_radius_info(struct hostap
+@@ -1714,12 +1714,13 @@ ieee802_11_set_radius_info(struct hostap
  
  
  static void handle_auth(struct hostapd_data *hapd,
@@ -108,7 +108,7 @@
  	u16 fc;
  	const u8 *challenge = NULL;
  	u32 session_timeout, acct_interim_interval;
-@@ -1728,6 +1729,11 @@ static void handle_auth(struct hostapd_d
+@@ -1730,6 +1731,11 @@ static void handle_auth(struct hostapd_d
  	char *identity = NULL;
  	char *radius_cui = NULL;
  	u16 seq_ctrl;
@@ -120,7 +120,7 @@
  
  	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
  		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -1888,6 +1894,13 @@ static void handle_auth(struct hostapd_d
+@@ -1890,6 +1896,13 @@ static void handle_auth(struct hostapd_d
  		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
  		goto fail;
  	}
@@ -134,7 +134,7 @@
  	if (res == HOSTAPD_ACL_PENDING)
  		return;
  
-@@ -3167,12 +3180,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
+@@ -3169,12 +3182,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
  
  static void handle_assoc(struct hostapd_data *hapd,
  			 const struct ieee80211_mgmt *mgmt, size_t len,
@@ -149,7 +149,7 @@
  	struct sta_info *sta;
  	u8 *tmp = NULL;
  	struct hostapd_sta_wpa_psk_short *psk = NULL;
-@@ -3181,6 +3194,11 @@ static void handle_assoc(struct hostapd_
+@@ -3183,6 +3196,11 @@ static void handle_assoc(struct hostapd_
  #ifdef CONFIG_FILS
  	int delay_assoc = 0;
  #endif /* CONFIG_FILS */
@@ -161,7 +161,7 @@
  
  	if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
  				      sizeof(mgmt->u.assoc_req))) {
-@@ -3352,6 +3370,14 @@ static void handle_assoc(struct hostapd_
+@@ -3354,6 +3372,14 @@ static void handle_assoc(struct hostapd_
  	}
  #endif /* CONFIG_MBO */
  
@@ -176,7 +176,7 @@
  	/*
  	 * sta->capability is used in check_assoc_ies() for RRM enabled
  	 * capability element.
-@@ -3565,6 +3591,7 @@ static void handle_disassoc(struct hosta
+@@ -3567,6 +3593,7 @@ static void handle_disassoc(struct hosta
  	wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
  		   MAC2STR(mgmt->sa),
  		   le_to_host16(mgmt->u.disassoc.reason_code));
@@ -184,7 +184,7 @@
  
  	sta = ap_get_sta(hapd, mgmt->sa);
  	if (sta == NULL) {
-@@ -3630,6 +3657,8 @@ static void handle_deauth(struct hostapd
+@@ -3632,6 +3659,8 @@ static void handle_deauth(struct hostapd
  		" reason_code=%d",
  		MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
  
@@ -193,7 +193,7 @@
  	sta = ap_get_sta(hapd, mgmt->sa);
  	if (sta == NULL) {
  		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
-@@ -3949,7 +3978,7 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3951,7 +3980,7 @@ int ieee802_11_mgmt(struct hostapd_data
  
  
  	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
@@ -202,7 +202,7 @@
  		return 1;
  	}
  
-@@ -3969,17 +3998,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3971,17 +4000,17 @@ int ieee802_11_mgmt(struct hostapd_data
  	switch (stype) {
  	case WLAN_FC_STYPE_AUTH:
  		wpa_printf(MSG_DEBUG, "mgmt::auth");