Can somebody try to steer a client?
First enable
ubus call hostapd.wlan0 bss_mgmt_enable '{"neighbor_report": true, "beacon_report": true, "bss_transition": true}'
ubus call hostapd.wlan1 bss_mgmt_enable '{"neighbor_report": true, "beacon_report": true, "bss_transition": true}'
Get Neighbor Reports
ubus call hostapd.wlan0 rrm_nr_get_own
ubus call hostapd.wlan1 rrm_nr_get_own
Now steer a client from wlan0 to wlan1 or the other way around
ubus call hostapd.wlan0 wnm_disassoc_imminent '{"addr":"00:xx:xx:xx:xx:xx", "duration": 120, "neighbors":["[THE STRING OF THE NEIGHBOR REPORT FROM WLAN0 OR WLAN1]"]}'
I'm not sure if the client gets deauthed, or if it switches the interface on its own. I have to increase the debug level.
You can set the debug level of hostapd with
option log_level '0'
and check with
grep _level /var/run/hostapd-phy0.conf
Okay, I tried with a Xiaomi Mi 8 and it works
daemon.notice hostapd: wlan1: BSS-TM-RESP xx:xx:xx:xx:xx:xx status_code=0 bss_termination_delay=0 target_bssid=xx:xx:xx:xx:xx:xx
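To tell an accepted steer apart from a rejected or unanswered one, the BSS-TM-RESP lines can be checked per client. This is an added example, not part of the original posts: the log layout follows the line quoted above, and the sample log, its MAC addresses and the function name `bss_tm_result` are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify hostapd BSS-TM-RESP log lines for one client.
# Feed it log text on stdin, e.g.  logread | bss_tm_result <client-mac>

# Constructed sample log (all MAC addresses are made up).
SAMPLE_LOG='Mon Jan  6 10:00:01 2020 daemon.notice hostapd: wlan0: BSS-TM-RESP 02:00:00:aa:bb:01 status_code=0 bss_termination_delay=0 target_bssid=02:00:00:11:22:02
Mon Jan  6 10:00:09 2020 daemon.notice hostapd: wlan0: BSS-TM-RESP 02:00:00:aa:bb:02 status_code=7 bss_termination_delay=0
Mon Jan  6 10:00:12 2020 daemon.info hostapd: wlan0: STA 02:00:00:aa:bb:03 IEEE 802.11: disassociated'

# bss_tm_result MAC
# Prints "<iface> <accepted|rejected> status=<n> target=<bssid|->" for the
# last BSS-TM-RESP logged for MAC, or "no-response" if there is none.
# Exit status: 0 = accepted (status_code=0), 1 = rejected, 2 = no response.
bss_tm_result() {
    awk -v mac="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
    {
        for (i = 1; i < NF; i++) {
            if ($i != "BSS-TM-RESP" || tolower($(i + 1)) != mac) continue
            iface = $(i - 1); sub(/:$/, "", iface)   # "wlan0:" -> "wlan0"
            status = ""; target = "-"
            for (j = i + 2; j <= NF; j++) {
                if ($j ~ /^status_code=/)  status = substr($j, 13)
                if ($j ~ /^target_bssid=/) target = substr($j, 14)
            }
            seen = 1
        }
    }
    END {
        if (!seen) { print "no-response"; exit 2 }
        rc = (status == "0") ? 0 : 1
        printf "%s %s status=%s target=%s\n", iface, (rc ? "rejected" : "accepted"), status, target
        exit rc
    }'
}

# Demo on the constructed sample: the client that accepted the transition.
printf '%s\n' "$SAMPLE_LOG" | bss_tm_result 02:00:00:aa:bb:01
```

A "no-response" result after the disassociation timer has run out means the client never answered the request, so any reconnect was not a client-side transition.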
Can someone confirm this bug I reported?
https://bugzilla.kernel.org/show_bug.cgi?id=205813
I can crash my system with a TL-WN722N (ath9k) by sending several beacon requests
...