Pagefault error - Possibly DAWN related

Hello,

I've been experiencing issues with my wifi set up since updating to Openwrt 21.02.2.

My setup is essentially an Opnsense Router/Firewall and 3 Xiaomi R3Gs as dumb APs. I have several VLANs, each mapped to a wifi network, plus each AP has a hidden wifi management network.

I use DAWN for roaming, which worked just fine out of the box in Openwrt 21.02.0.

I finally sat down and upgraded all 3 APs to the exact same openwrt version: OpenWrt 21.02.2 r16495-bf0c965af0, configured dawn as recommended here, sat down and started looking at logs.

This happens essentially with Android phones. A BSS related message will pop up, a page fault will happen:

do_page_fault(): sending SIGSEGV to hostapd for invalid read access from 00000005

Which causes the reload of the entire network, for a few seconds: the interfaces are brought down and back up. Sometimes one time, but I've seen it happen up to 5 times in quick succession.

Apr 17 20:06:05 ap-1 hostapd: wlan0: STA a2:11:b0:XX:XX:XX WPA: pairwise key handshake completed (RSN)
Apr 17 20:06:05 ap-1 firewall: Reloading firewall due to ifupdate of lan (br-main.10)
Apr 17 20:06:05 ap-1 hostapd: wlan0: BSS-TM-RESP a2:11:b0:XX:XX:XX status_code=6 bss_termination_delay=0
Apr 17 20:06:05 ap-1 kernel: [ 8078.021263] do_page_fault(): sending SIGSEGV to hostapd for invalid read access from 00000005
Apr 17 20:06:05 ap-1 kernel: [ 8078.030106] epc = 55610855 in wpad[55609000+106000]
Apr 17 20:06:05 ap-1 kernel: [ 8078.035160] ra  = 55610855 in wpad[55609000+106000]
Apr 17 20:06:05 ap-1 kernel: [ 8078.044161] br-mgmt: port 2(wlan1-3) entered disabled state
Apr 17 20:06:05 ap-1 netifd: Network device 'wlan1-3' link is down
Apr 17 20:06:05 ap-1 firewall: Reloading firewall due to ifupdate of lan (br-main.10)
Apr 17 20:06:05 ap-1 kernel: [ 8078.503116] br-mgmt: port 2(wlan1-3) entered disabled state
Apr 17 20:06:05 ap-1 kernel: [ 8078.517472] device wlan1-3 left promiscuous mode
Apr 17 20:06:05 ap-1 kernel: [ 8078.522198] br-mgmt: port 2(wlan1-3) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.591527] br-main: port 9(wlan1-2) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.603469] device wlan1-2 left promiscuous mode
Apr 17 20:06:06 ap-1 kernel: [ 8078.608170] br-main: port 9(wlan1-2) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.691327] br-main: port 8(wlan1-1) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.706651] device wlan1-1 left promiscuous mode
Apr 17 20:06:06 ap-1 kernel: [ 8078.711356] br-main: port 8(wlan1-1) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.783544] br-mgmt: port 1(wlan0-3) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.797028] device wlan0-3 left promiscuous mode
Apr 17 20:06:06 ap-1 kernel: [ 8078.801804] br-mgmt: port 1(wlan0-3) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.883887] br-main: port 6(wlan0-2) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.897795] device wlan0-2 left promiscuous mode
Apr 17 20:06:06 ap-1 kernel: [ 8078.902550] br-main: port 6(wlan0-2) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8078.988144] br-main: port 5(wlan0-1) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8079.003559] device wlan0-1 left promiscuous mode
Apr 17 20:06:06 ap-1 kernel: [ 8079.008316] br-main: port 5(wlan0-1) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8079.077565] br-main: port 7(wlan1) entered disabled state
Apr 17 20:06:06 ap-1 kernel: [ 8079.084956] br-main: port 4(wlan0) entered disabled state
Apr 17 20:06:06 ap-1 netifd: Wireless device 'radio0' setup failed, retry=3
Apr 17 20:06:06 ap-1 netifd: Wireless device 'radio1' setup failed, retry=3
Apr 17 20:06:06 ap-1 netifd: Interface 'mgmt' is now down
Apr 17 20:06:07 ap-1 netifd: Interface 'mgmt' is disabled
Apr 17 20:06:07 ap-1 kernel: [ 8079.611780] br-main: port 4(wlan0) entered disabled state
Apr 17 20:06:07 ap-1 kernel: [ 8079.625358] br-main: port 7(wlan1) entered disabled state
Apr 17 20:06:07 ap-1 kernel: [ 8079.679329] device wlan0 left promiscuous mode

This causes the phones in question to drop out of wifi completely.

I've googled quite a bit, and found some issues related to dawn and hostapd on this openwrt version, but nothing explains this behavior I'm seeing.

Can anyone shed some light on this?

I can't see any immediate relation to DAWN there. I don't think it registers for or uses that BSS-TM-RESP message for example.

If you disable DAWN do you still see the hostapd crashes?

Hey, thanks for your reply.

Effectively none of these messages are DAWN related, but as you've stated when DAWN is stopped this issue stops happening.

I have no idea on how the ubus communication is actually handled between dawn and hostapd, but the message seems pretty consistent with some malformed instruction between the two causing a pagefault.

It should be possible to separate DAWN from this, which should help with a resolution.

If you're so inclined you should have the ubus message for hostapd shown at the end here, which DAWN uses to steer a co-operative device and is probably the source of the device BSS reply:

root@localhost:~# ubus -v list hostapd.wlan0
'hostapd.wlan0' @c9a5ca08
        "reload":{}
        ...
        "wnm_disassoc_imminent":{"addr":"String","duration":"Integer","neighbors":"Array","abridged":"Boolean"}
root@localhost:~#

There are some notes here on how to use that to steer a device manually: Dawn: a decentralized wireless controller - #61 by seemebreakthis

If you see the same crash when doing so it may help figure out what is happening. First thing I spot is that your BSS message has a status code of 6 (some kind of problem?) rather than 0 (OK). That may mean the rest of the message has a form that hostapd is not expecting.

Hey Ian,

I've upgraded my APs to the recent new release. I'm still seeing this behavior with dawn enabled.

I'm going to try to get to the bottom of this with your suggestion.

I think I may also suffer from the same or something similar (see https://forum.openwrt.org/t/openwrt-21-02-3-third-service-release/125732/55?u=ramon for log).

Any idea if this is a known issue in hostapd and/or if this has been fixed already in a newer version?

Did you try the release candidate to see if it is still there?

It's not DAWN related, but it is triggered by DAWN doing its thing. I would expect this same error is happening with usteer as well. It's also not YET fixed in any later OpenWRT version.

The issue is in hostapd, and in particular the patches made to it to get BSS Transition Management responses sent over ubus. It's an uninitialized variable. If the response is a WNM_BSS_TM_ACCEPT type response, everything works fine. But a rejection of the transition request or an error response will fail to initialize the *target_bssid variable. If it happens to be NULL on the stack, it will just work by luck. If it's some other low value (I was seeing 5) then it will cause a segfault, if it's a high value it will be an invalid response with random garbage in the target_bssid to dawn/usteer (Only Accept has a target BSS).

I will post a proper patch, but if anyone wants to fix their WiFi crashing on 21.02 with band steering enabled, replace the patch at package/network/services/hostapd/patches/600-ubus_support.patch with the following file, and rebuild OpenWRT.

--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -171,6 +171,11 @@ OBJS += ../src/common/hw_features_common
 
 OBJS += ../src/eapol_auth/eapol_auth_sm.o
 
+ifdef CONFIG_UBUS
+CFLAGS += -DUBUS_SUPPORT
+OBJS += ../src/ap/ubus.o
+LIBS += -lubox -lubus
+endif
 
 ifdef CONFIG_CODE_COVERAGE
 CFLAGS += -O0 -fprofile-arcs -ftest-coverage
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -17,6 +17,7 @@
 #include "utils/list.h"
 #include "ap_config.h"
 #include "drivers/driver.h"
+#include "ubus.h"
 
 #define OCE_STA_CFON_ENABLED(hapd) \
 	((hapd->conf->oce & OCE_STA_CFON) && \
@@ -80,7 +81,7 @@ struct hapd_interfaces {
 #ifdef CONFIG_CTRL_IFACE_UDP
        unsigned char ctrl_iface_cookie[CTRL_IFACE_COOKIE_LEN];
 #endif /* CONFIG_CTRL_IFACE_UDP */
-
+	struct ubus_object ubus;
 };
 
 enum hostapd_chan_status {
@@ -154,6 +155,7 @@ struct hostapd_data {
 	struct hostapd_iface *iface;
 	struct hostapd_config *iconf;
 	struct hostapd_bss_config *conf;
+	struct hostapd_ubus_bss ubus;
 	int interface_added; /* virtual interface added for this BSS */
 	unsigned int started:1;
 	unsigned int disabled:1;
@@ -606,6 +608,7 @@ hostapd_alloc_bss_data(struct hostapd_if
 		       struct hostapd_bss_config *bss);
 int hostapd_setup_interface(struct hostapd_iface *iface);
 int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
+void hostapd_set_own_neighbor_report(struct hostapd_data *hapd);
 void hostapd_interface_deinit(struct hostapd_iface *iface);
 void hostapd_interface_free(struct hostapd_iface *iface);
 struct hostapd_iface * hostapd_alloc_iface(void);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -395,6 +395,7 @@ void hostapd_free_hapd_data(struct hosta
 	hapd->beacon_set_done = 0;
 
 	wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
+	hostapd_ubus_free_bss(hapd);
 	accounting_deinit(hapd);
 	hostapd_deinit_wpa(hapd);
 	vlan_deinit(hapd);
@@ -1417,6 +1418,8 @@ static int hostapd_setup_bss(struct host
 	if (hapd->driver && hapd->driver->set_operstate)
 		hapd->driver->set_operstate(hapd->drv_priv, 1);
 
+	hostapd_ubus_add_bss(hapd);
+
 	return 0;
 }
 
@@ -1999,6 +2002,7 @@ static int hostapd_setup_interface_compl
 	if (err)
 		goto fail;
 
+	hostapd_ubus_add_iface(iface);
 	wpa_printf(MSG_DEBUG, "Completing interface initialization");
 	if (iface->freq) {
 #ifdef NEED_AP_MLME
@@ -2196,6 +2200,7 @@ dfs_offload:
 
 fail:
 	wpa_printf(MSG_ERROR, "Interface initialization failed");
+	hostapd_ubus_free_iface(iface);
 	hostapd_set_state(iface, HAPD_IFACE_DISABLED);
 	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
 #ifdef CONFIG_FST
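Review bot: The fail: path in hostapd_setup_interface_complete now calls hostapd_ubus_free_iface(iface), but the previous hunk shows `if (err) goto fail;` sitting above the new hostapd_ubus_add_iface(iface) call, so the free can run on an interface that was never added. hostapd_ubus_free_iface() is also called from hostapd_interface_deinit_free() in the next hunk, so it has to tolerate both a never-added and an already-freed interface; say so in a comment at the call, or guard it with an "added" flag.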
@@ -2669,6 +2674,7 @@ void hostapd_interface_deinit_free(struc
 		   (unsigned int) iface->conf->num_bss);
 	driver = iface->bss[0]->driver;
 	drv_priv = iface->bss[0]->drv_priv;
+	hostapd_ubus_free_iface(iface);
 	hostapd_interface_deinit(iface);
 	wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit",
 		   __func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2327,13 +2327,18 @@ static void handle_auth(struct hostapd_d
 	u16 auth_alg, auth_transaction, status_code;
 	u16 resp = WLAN_STATUS_SUCCESS;
 	struct sta_info *sta = NULL;
-	int res, reply_res;
+	int res, reply_res, ubus_resp;
 	u16 fc;
 	const u8 *challenge = NULL;
 	u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
 	size_t resp_ies_len = 0;
 	u16 seq_ctrl;
 	struct radius_sta rad_info;
+	struct hostapd_ubus_request req = {
+		.type = HOSTAPD_UBUS_AUTH_REQ,
+		.mgmt_frame = mgmt,
+		.ssi_signal = rssi,
+	};
 
 	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
 		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
@@ -2493,6 +2498,13 @@ static void handle_auth(struct hostapd_d
 		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 		goto fail;
 	}
+	ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+	if (ubus_resp) {
+		wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n",
+			MAC2STR(mgmt->sa));
+		resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
 	if (res == HOSTAPD_ACL_PENDING)
 		return;
 
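Review bot: The wpa_printf() added in handle_auth ends its format string with "\n", unlike the wpa_printf() calls visible in this patch's context lines (for example "Completing interface initialization"); drop the trailing "\n" here and in the matching assoc and probe messages. It would also help to comment why the ubus check sits above the `if (res == HOSTAPD_ACL_PENDING) return;` line, since as placed the ubus handler is consulted, and can reject the station, while the ACL result is still pending.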
@@ -4157,7 +4169,7 @@ static void handle_assoc(struct hostapd_
 	int resp = WLAN_STATUS_SUCCESS;
 	u16 reply_res;
 	const u8 *pos;
-	int left, i;
+	int left, i, ubus_resp;
 	struct sta_info *sta;
 	u8 *tmp = NULL;
 #ifdef CONFIG_FILS
@@ -4370,6 +4382,11 @@ static void handle_assoc(struct hostapd_
 		left = res;
 	}
 #endif /* CONFIG_FILS */
+	struct hostapd_ubus_request req = {
+		.type = HOSTAPD_UBUS_ASSOC_REQ,
+		.mgmt_frame = mgmt,
+		.ssi_signal = rssi,
+	};
 
 	/* followed by SSID and Supported rates; and HT capabilities if 802.11n
 	 * is used */
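Review bot: `struct hostapd_ubus_request req` is declared in the middle of handle_assoc, after the CONFIG_FILS block, whereas this same patch declares it with the other locals in handle_auth and handle_probe_req. Move it up beside `int left, i, ubus_resp;` for consistency, and so that any `goto fail` earlier in the function does not jump over an initialized declaration.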
@@ -4468,6 +4485,14 @@ static void handle_assoc(struct hostapd_
 	}
 #endif /* CONFIG_FILS */
 
+	ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+	if (ubus_resp) {
+		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+		       MAC2STR(mgmt->sa));
+		resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
  fail:
 
 	/*
@@ -4561,6 +4586,7 @@ static void handle_disassoc(struct hosta
 	wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
 		   MAC2STR(mgmt->sa),
 		   le_to_host16(mgmt->u.disassoc.reason_code));
+	hostapd_ubus_notify(hapd, "disassoc", mgmt->sa);
 
 	sta = ap_get_sta(hapd, mgmt->sa);
 	if (sta == NULL) {
@@ -4627,6 +4653,8 @@ static void handle_deauth(struct hostapd
 		" reason_code=%d",
 		MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
 
+	hostapd_ubus_notify(hapd, "deauth", mgmt->sa);
+
 	sta = ap_get_sta(hapd, mgmt->sa);
 	if (sta == NULL) {
 		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -814,6 +814,12 @@ void handle_probe_req(struct hostapd_dat
 	u16 csa_offs[2];
 	size_t csa_offs_len;
 	struct radius_sta rad_info;
+	struct hostapd_ubus_request req = {
+		.type = HOSTAPD_UBUS_PROBE_REQ,
+		.mgmt_frame = mgmt,
+		.ssi_signal = ssi_signal,
+		.elems = &elems,
+	};
 
 	if (len < IEEE80211_HDRLEN)
 		return;
@@ -996,6 +1002,12 @@ void handle_probe_req(struct hostapd_dat
 	}
 #endif /* CONFIG_P2P */
 
+	if (hostapd_ubus_handle_event(hapd, &req)) {
+		wpa_printf(MSG_DEBUG, "Probe request for " MACSTR " rejected by ubus handler.\n",
+		       MAC2STR(mgmt->sa));
+		return;
+	}
+
 	/* TODO: verify that supp_rates contains at least one matching rate
 	 * with AP configuration */
 
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -119,6 +119,10 @@ int hostapd_notif_assoc(struct hostapd_d
 	u16 reason = WLAN_REASON_UNSPECIFIED;
 	int status = WLAN_STATUS_SUCCESS;
 	const u8 *p2p_dev_addr = NULL;
+	struct hostapd_ubus_request req = {
+		.type = HOSTAPD_UBUS_ASSOC_REQ,
+		.addr = addr,
+	};
 
 	if (addr == NULL) {
 		/*
@@ -211,6 +215,12 @@ int hostapd_notif_assoc(struct hostapd_d
 		goto fail;
 	}
 
+	if (hostapd_ubus_handle_event(hapd, &req)) {
+		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+			   MAC2STR(req.addr));
+		goto fail;
+	}
+
 #ifdef CONFIG_P2P
 	if (elems.p2p) {
 		wpabuf_free(sta->p2p_ie);
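Review bot: In hostapd_notif_assoc the result of hostapd_ubus_handle_event() is only tested for non-zero, and the code jumps to fail without setting `reason` or `status`, which the first hunk shows initialized to WLAN_REASON_UNSPECIFIED and WLAN_STATUS_SUCCESS. handle_auth and handle_assoc map the ubus result to a status (`resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;`); do the equivalent here before `goto fail` so a ubus rejection carries an explicit failure code.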
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -423,6 +423,7 @@ void ap_handle_timer(void *eloop_ctx, vo
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
 			       "local deauth request");
+		hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
 		ap_free_sta(hapd, sta);
 		return;
 	}
@@ -578,6 +579,7 @@ skip_poll:
 		mlme_deauthenticate_indication(
 			hapd, sta,
 			WLAN_REASON_PREV_AUTH_NOT_VALID);
+		hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
 		ap_free_sta(hapd, sta);
 		break;
 	}
@@ -1294,6 +1296,7 @@ void ap_sta_set_authorized(struct hostap
 					  buf, ip_addr, keyid_buf);
 	} else {
 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
+		hostapd_ubus_notify(hapd, "disassoc", sta->addr);
 
 		if (hapd->msg_ctx_parent &&
 		    hapd->msg_ctx_parent != hapd->msg_ctx)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -259,6 +259,7 @@ static void hostapd_wpa_auth_psk_failure
 	struct hostapd_data *hapd = ctx;
 	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
 		MAC2STR(addr));
+	hostapd_ubus_notify(hapd, "key-mismatch", addr);
 }
 
 
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -190,6 +190,12 @@ ifdef CONFIG_EAPOL_TEST
 CFLAGS += -Werror -DEAPOL_TEST
 endif
 
+ifdef CONFIG_UBUS
+CFLAGS += -DUBUS_SUPPORT
+OBJS += ubus.o
+LIBS += -lubox -lubus
+endif
+
 ifdef CONFIG_CODE_COVERAGE
 CFLAGS += -O0 -fprofile-arcs -ftest-coverage
 LIBS += -lgcov
@@ -956,6 +962,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
 CFLAGS += -DCONFIG_CTRL_IFACE_MIB
 endif
 OBJS += ../src/ap/ctrl_iface_ap.o
+ifdef CONFIG_UBUS
+OBJS += ../src/ap/ubus.o
+endif
 endif
 
 CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -6794,6 +6794,8 @@ struct wpa_supplicant * wpa_supplicant_a
 	}
 #endif /* CONFIG_P2P */
 
+	wpas_ubus_add_bss(wpa_s);
+
 	return wpa_s;
 }
 
@@ -6820,6 +6822,8 @@ int wpa_supplicant_remove_iface(struct w
 	struct wpa_supplicant *parent = wpa_s->parent;
 #endif /* CONFIG_MESH */
 
+	wpas_ubus_free_bss(wpa_s);
+
 	/* Remove interface from the global list of interfaces */
 	prev = global->ifaces;
 	if (prev == wpa_s) {
@@ -7123,8 +7127,12 @@ int wpa_supplicant_run(struct wpa_global
 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
 
+	wpas_ubus_add(global);
+
 	eloop_run();
 
+	wpas_ubus_free(global);
+
 	return 0;
 }
 
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -17,6 +17,7 @@
 #include "wps/wps_defs.h"
 #include "config_ssid.h"
 #include "wmm_ac.h"
+#include "ubus.h"
 
 extern const char *const wpa_supplicant_version;
 extern const char *const wpa_supplicant_license;
@@ -310,6 +311,8 @@ struct wpa_global {
 #endif /* CONFIG_WIFI_DISPLAY */
 
 	struct psk_list_entry *add_psk; /* From group formation */
+
+	struct ubus_object ubus_global;
 };
 
 
@@ -520,6 +523,7 @@ struct wpa_supplicant {
 	unsigned char own_addr[ETH_ALEN];
 	unsigned char perm_addr[ETH_ALEN];
 	char ifname[100];
+	struct wpas_ubus_bss ubus;
 #ifdef CONFIG_MATCH_IFACE
 	int matched;
 #endif /* CONFIG_MATCH_IFACE */
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -33,6 +33,7 @@
 #include "p2p/p2p.h"
 #include "p2p_supplicant.h"
 #include "wps_supplicant.h"
+#include "ubus.h"
 
 
 #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
@@ -392,6 +393,8 @@ static int wpa_supplicant_wps_cred(void
 	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
 			cred->cred_attr, cred->cred_attr_len);
 
+	wpas_ubus_notify(wpa_s, cred);
+
 	if (wpa_s->conf->wps_cred_processing == 1)
 		return 0;
 
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -896,6 +896,7 @@ int main(int argc, char *argv[])
 	}
 
 	hostapd_global_ctrl_iface_init(&interfaces);
+	hostapd_ubus_add(&interfaces);
 
 	if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
 		wpa_printf(MSG_ERROR, "Failed to start eloop");
@@ -905,6 +906,7 @@ int main(int argc, char *argv[])
 	ret = 0;
 
  out:
+	hostapd_ubus_free(&interfaces);
 	hostapd_global_ctrl_iface_deinit(&interfaces);
 	/* Deinitialize all interfaces */
 	for (i = 0; i < interfaces.count; i++) {
--- a/wpa_supplicant/main.c
+++ b/wpa_supplicant/main.c
@@ -203,7 +203,7 @@ int main(int argc, char *argv[])
 
 	for (;;) {
 		c = getopt(argc, argv,
-			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W");
+			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:nNo:O:p:P:qsTtuv::W");
 		if (c < 0)
 			break;
 		switch (c) {
@@ -271,6 +271,9 @@ int main(int argc, char *argv[])
 			params.conf_p2p_dev = optarg;
 			break;
 #endif /* CONFIG_P2P */
+		case 'n':
+			iface_count = 0;
+			break;
 		case 'o':
 			params.override_driver = optarg;
 			break;
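Review bot: The new `n` option is added to the getopt string and handled with `iface_count = 0;`, but no hunk touches the usage text, so the flag is undocumented. Add a usage() line describing -n and a short comment at the case explaining why iface_count is zeroed.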
--- a/src/ap/rrm.c
+++ b/src/ap/rrm.c
@@ -89,6 +89,9 @@ static void hostapd_handle_beacon_report
 		return;
 	wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_RESP_RX MACSTR " %u %02x %s",
 		MAC2STR(addr), token, rep_mode, report);
+	if (len < sizeof(struct rrm_measurement_beacon_report))
+		return;
+	hostapd_ubus_notify_beacon_report(hapd, addr, token, rep_mode, (struct rrm_measurement_beacon_report*) pos, len);
 }
 
 
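Review bot: The new bounds check in hostapd_handle_beacon_report compares `len` with sizeof(struct rrm_measurement_beacon_report), but the pointer that is cast and handed to hostapd_ubus_notify_beacon_report() is `pos`. Confirm that `len` is the number of bytes remaining at `pos` at this point; if `pos` has been advanced past a header, the check needs to use the remaining length, otherwise the ubus side can read past the end of the report.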
@@ -350,6 +353,9 @@ void hostapd_handle_radio_measurement(st
 		   mgmt->u.action.u.rrm.action, MAC2STR(mgmt->sa));
 
 	switch (mgmt->u.action.u.rrm.action) {
+	case WLAN_RRM_LINK_MEASUREMENT_REPORT:
+		hostapd_ubus_handle_link_measurement(hapd, buf, len);
+		break;
 	case WLAN_RRM_RADIO_MEASUREMENT_REPORT:
 		hostapd_handle_radio_msmt_report(hapd, buf, len);
 		break;
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@@ -461,7 +461,7 @@ static void ieee802_11_rx_bss_trans_mgmt
 					      size_t len)
 {
 	u8 dialog_token, status_code, bss_termination_delay;
-	const u8 *pos, *end;
+	const u8 *pos, *end, *target_bssid;
 	int enabled = hapd->conf->bss_transition;
 	struct sta_info *sta;
 
@@ -508,6 +508,7 @@ static void ieee802_11_rx_bss_trans_mgmt
 			wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
 			return;
 		}
+		target_bssid = pos;
 		sta->agreed_to_steer = 1;
 		eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
 		eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
@@ -527,6 +528,11 @@ static void ieee802_11_rx_bss_trans_mgmt
 			MAC2STR(addr), status_code, bss_termination_delay);
+		target_bssid = NULL;
 	}
 
+	hostapd_ubus_notify_bss_transition_response(hapd, sta->addr, dialog_token,
+						    status_code, bss_termination_delay,
+						    target_bssid, pos, end - pos);
+
 	wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
 		    pos, end - pos);
 }
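Review bot: target_bssid is still declared without an initializer (`const u8 *pos, *end, *target_bssid;`) and only becomes defined through the two assignments added here, `target_bssid = pos;` on accept and `target_bssid = NULL;` in the else branch, so any branch added later reintroduces the stack-garbage read in hostapd_ubus_notify_bss_transition_response(). Initialize it at the declaration (`*target_bssid = NULL`) and drop the else assignment. The notifier should also be checked to treat a NULL target_bssid as "no target" instead of formatting it as an address; that code is in ubus.c and is not part of these hunks.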
1 Like
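The uninitialized target_bssid failure described in the post above, as an added example that is not part of the original post and is not hostapd code: a stand-alone parser for the BSS Transition Management Response body that leaves the target BSSID NULL unless the status is an accept, plus a consumer that never dereferences it blindly. The struct, the function names and the sample bytes are hypothetical; the field order (dialog token, status code, termination delay, optional Target BSSID, candidate list) is assumed from the 802.11 response layout.

```c
/* Added example, not hostapd source. All names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define WNM_BSS_TM_ACCEPT 0

struct bss_tm_resp {
	uint8_t dialog_token;
	uint8_t status_code;
	uint8_t bss_termination_delay;
	const uint8_t *target_bssid;	/* NULL unless status_code is ACCEPT */
	const uint8_t *candidates;	/* remaining candidate list bytes */
	size_t candidates_len;
};

/* Parse the response body that follows the action field.
 * Returns 0 on success, -1 on a missing or truncated frame. */
int parse_bss_tm_resp(const uint8_t *frm, size_t len, struct bss_tm_resp *out)
{
	const uint8_t *pos = frm, *end;

	if (out == NULL)
		return -1;
	*out = (struct bss_tm_resp){ 0 };	/* every pointer starts as NULL */
	if (frm == NULL || len < 3)
		return -1;
	end = frm + len;

	out->dialog_token = *pos++;
	out->status_code = *pos++;
	out->bss_termination_delay = *pos++;

	/* Only an accept carries a Target BSSID; rejects and errors do not. */
	if (out->status_code == WNM_BSS_TM_ACCEPT) {
		if ((size_t)(end - pos) < ETH_ALEN)
			return -1;
		out->target_bssid = pos;
		pos += ETH_ALEN;
	}
	out->candidates = pos;
	out->candidates_len = (size_t)(end - pos);
	return 0;
}

/* Consumer side: what a notifier would report as the target. */
const char *describe_target(const uint8_t *frm, size_t len)
{
	static char buf[18];	/* "xx:xx:xx:xx:xx:xx" plus NUL */
	struct bss_tm_resp r;
	const uint8_t *b;

	if (parse_bss_tm_resp(frm, len, &r) < 0)
		return "malformed";
	b = r.target_bssid;
	if (b == NULL)
		return "none";
	snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x",
		 b[0], b[1], b[2], b[3], b[4], b[5]);
	return buf;
}

/* Constructed sample bodies: dialog token, status, termination delay, ... */
static const uint8_t SAMPLE_REJECT[] = { 0x01, 0x06, 0x00 };	/* status 6 */
static const uint8_t SAMPLE_ACCEPT[] = { 0x01, 0x00, 0x00,
	0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };
static const uint8_t SAMPLE_SHORT[] = { 0x01, 0x00, 0x00, 0x02, 0x00 };

int main(void)
{
	printf("reject: %s\n", describe_target(SAMPLE_REJECT, sizeof(SAMPLE_REJECT)));
	printf("accept: %s\n", describe_target(SAMPLE_ACCEPT, sizeof(SAMPLE_ACCEPT)));
	printf("short:  %s\n", describe_target(SAMPLE_SHORT, sizeof(SAMPLE_SHORT)));
	/* Exit non-zero if the reject case ever reports a target. */
	return strcmp(describe_target(SAMPLE_REJECT, sizeof(SAMPLE_REJECT)), "none") != 0;
}
```

The reject sample uses status 6 with a zero termination delay, the same values as the BSS-TM-RESP line in the log at the top of the thread.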

Proper patch for openwrt master is here:
http://lists.openwrt.org/pipermail/openwrt-devel/2022-July/039097.html

It should be easy to apply to any previous version.

I would appreciate it if you could add it to 21 and 22 branches as well (after testing of course).

Thank you

I normally see patches just posted to master, and then they get cherry picked back to the branches. This patch should apply without conflicts (with fuzz) to both those branches.

So, anyone who wants to patch their own build with it should be able to. Let me know if that doesn't work.

The openwrt devs should be able to merge it into those branches without issue from this patch also. I will follow up on any feedback the patch gets, but I have no power to get it merged or applied to other branches.

The issue for it is also here: https://github.com/openwrt/openwrt/issues/10332
If you want to advocate for it to be merged :slight_smile:

1 Like

I never tried making my own build. I usually just use the release version. :slight_smile: The reason to cherry pick it would of course be that the bug breaks functionality.

But anyway I will make a comment on the issue on github.

Thx

ok seems the patch is not being picked up. So unfortunately I guess I just need to take things into my own hands, i.e. start building my own image... :frowning_face:

Do you know if there is a tutorial somewhere, including how to add packages?

Thank you,

Ramon

Work through this.

I build in a docker container, they recommend a VM. Works the same. The reason I do that is for whatever reason, I can't build natively on Arch. So I have a docker container set up with debian and all the necessary pre-requisites. If you're on windows or mac, go the VM road. Just make sure it's got enough ram allocated, and give it 100% access to all your CPU resources.

I also fork the openwrt repo and branch the version I want (say 21.02) and add my changes onto that. And copy my config file there as well. I then clone that for the build, rather than the openwrt repo directly.

You get the config file when you do the build and ask for the menu, it will show a menu of your current options and you can tweak them. And this is where you choose the packages/modules that you want included (*) instead of (M).

The other thing I find is running the build multiple times is not reliable. Sometimes it works, sometimes it fails, sometimes it looks like it works but actually didn't include your changes. So I do a clean rebuild every time. Your mileage might vary.

Pay special attention to: https://openwrt.org/docs/guide-developer/toolchain/use-buildsystem#download_sources_and_multi_core_compile

Builds are SLOWWWWWWW. Use every core you have. So, it's not really optional, you need to do the make download and use -j in the build. Use a terminal with infinite scroll back, so you can find any Errors that might stop the build. Randomly I get build errors when OpenWrt builds perl (Why it builds perl I don't know, my system has perl installed and I don't have perl on the router ?????) If I do a clean rebuild it will probably work, looks like some kind of multi-core race. Just mentioning it in case your build breaks on perl and you're like WTF.... If you nice -n 19 the build you can continue to use your computer productively while you wait.

Another trick, if you have the ram, is clone the repo for a build into a ram disk. I set up my /tmp so that I can do this. Shaves a good chunk off the build time. But that's only if you have tons of ram (64GB is enough, 32GB may be, I doubt 16 is)

To give you a sense of how slow a build can be, it can take many hours to build on a slow machine or on a single core, my laptop used to take 8 hours to do a build. From ram, with a 16 core/32 thread machine I can build a whole image in around 30 minutes.

1 Like

I just checked, my laptop only has 16GB, 6 cores 12 threads, so guess that plan is out of the window as well.. oh well, just be patient then I guess and live with the occasional drop in connection (usually my other AP picks up the connection but it can be a bit iffy depending on the physical location), or maybe I should just revert to an older version, but well, security...

Any chance to get that patch landed in upstream hostapd? Or is it part of the openwrt code?

Oh, one more question: if I uninstall usteer/dawn, will that prevent the pagefault?

Just reserve ~50+ GB for a native linux installation on a separate partition, those specs are plenty for running linux and building OpenWrt on the bare iron. You may even get away with reserving ~5-6 GB RAM for a VM, but the bare iron install would be faster.

Which OpenWrt release are you using?

The nullpointer should be fixed with:

I am currently running 21.02.3 (latest stable).

So either that is not the fix or it is not included in the branch...

Best regards,

Ramon

Yes, 21.02 has that fix not included. However, I cherry-picked it now and did a PR:

I would recommend switching to 22.03.

1 Like

It is my production system, so I am always hesitant to switch to RC or snapshot...

Thanks for the PR.

Best regards,

Ramon