Add bridge driver (AP only)

This patch adds a new driver (AP only) that utilizes the linux bridge to
manage access on a per-port-basis.

hostapd/Makefile

@@ -1274,6 +1274,7 @@ endif
 
 $(DESTDIR)$(BINDIR)/%: %
 	install -D $(<) $(@)
+	install -m 0755 -D hostapd_auth_deauth.sh $(BINDIR)
 
 install: $(addprefix $(DESTDIR)$(BINDIR)/,$(ALL))
 

hostapd/config_file.c

@@ -2691,6 +2691,13 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 				   line, bss->eap_reauth_period);
 			return 1;
 		}
+	} else if (os_strcmp(buf, "eap_active_authentication") == 0) {
+		bss->eap_active_authentication = atoi(pos);
+		if (bss->eap_active_authentication < 0) {
+			wpa_printf(MSG_ERROR, "Line %d: invalid period %d",
+				   line, bss->eap_active_authentication);
+			return 1;
+		}
 	} else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
 		bss->eapol_key_index_workaround = atoi(pos);
 #ifdef CONFIG_IAPP

hostapd/defconfig

@@ -15,6 +15,9 @@ CONFIG_DRIVER_HOSTAP=y
 # Driver interface for wired authenticator
 #CONFIG_DRIVER_WIRED=y
 
+# Driver interface for wired authenticator via bridge
+#CONFIG_DRIVER_BRIDGE=y
+
 # Driver interface for drivers using the nl80211 kernel interface
 CONFIG_DRIVER_NL80211=y
 

hostapd/hostapd_auth_deauth.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+LOG_FILE=/tmp/hostapd_auth_deauth.log
+
+operation="$1"
+mac="$2"
+port="$3"
+vlan=$(bridge vlan show dev "$port" | tail -1 |tr -s ' ' | cut -d' ' -f2)
+vlan=$(bridge vlan show dev "$port" | tail -1 | tr -s "\t" " " | cut -d" " -f2 | grep -Eo '[0-9]{1,4}')
+
+if [ -z "$vlan" ] ; then
+    cmd="bridge fdb ""$operation"" ""$mac"" dev ""$port"" master dynamic"
+else
+    cmd="bridge fdb ""$operation"" ""$mac"" dev ""$port"" vlan ""$vlan"" master dynamic"
+fi
+
+{
+    printf "Date is %s\n" "$(date)"
+    printf "Operastion is %s\n" "$operation"
+    printf "MAC is %s\n" "$mac"
+    printf "Port is %s\n" "$port"
+    if [ -z "$vlan" ] ; then
+	printf "VLAN is empty\n"
+    else
+	printf "VLAN is %s\n" "$vlan"
+    fi
+    printf "\n"
+    printf "Cmd is %s\n" "$cmd"
+} > "$LOG_FILE"
+
+if ! $cmd >> "$LOG_FILE" 2>&1 ; then
+    printf "HOSTAPD AUTH SCRIPT: Command %s failed!\n" "$cmd"
+    cat "$LOG_FILE"
+    exit 1
+fi
+
+exit 0

hostapd/main.c

@@ -191,6 +191,7 @@ static int hostapd_driver_init(struct hostapd_iface *iface)
 	params.ifname = hapd->conf->iface;
 	params.driver_params = hapd->iconf->driver_params;
 	params.use_pae_group_addr = hapd->conf->use_pae_group_addr;
+	params.eap_active_authentication = hapd->conf->eap_active_authentication;
 
 	params.num_bridge = hapd->iface->num_bss;
 	params.bridge = os_calloc(hapd->iface->num_bss, sizeof(char *));

src/ap/ap_config.c

@@ -65,6 +65,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
 	bss->auth_algs = WPA_AUTH_ALG_OPEN;
 #endif /* CONFIG_WEP */
 	bss->eap_reauth_period = 3600;
+	bss->eap_active_authentication = 0;
 
 	bss->wpa_group_rekey = 600;
 	bss->wpa_gmk_rekey = 86400;

src/ap/ap_config.h

@@ -329,6 +329,7 @@ struct hostapd_bss_config {
 	int broadcast_key_idx_min, broadcast_key_idx_max;
 #endif /* CONFIG_WEP */
 	int eap_reauth_period;
+	int eap_active_authentication;
 	int erp_send_reauth_start;
 	char *erp_domain;
 

src/drivers/driver.h

@@ -2236,6 +2236,7 @@ struct wpa_init_params {
 	const char *ifname;
 	const char *driver_params;
 	int use_pae_group_addr;
+	int eap_active_authentication;
 	char **bridge;
 	size_t num_bridge;
 
@@ -6153,6 +6154,9 @@ extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */
 #ifdef CONFIG_DRIVER_WIRED
 extern const struct wpa_driver_ops wpa_driver_wired_ops; /* driver_wired.c */
 #endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_BRIDGE
+extern const struct wpa_driver_ops wpa_driver_bridge_ops; /* driver_bridge.c */
+#endif /* CONFIG_DRIVER_BRIDGE */
 #ifdef CONFIG_DRIVER_MACSEC_QCA
 /* driver_macsec_qca.c */
 extern const struct wpa_driver_ops wpa_driver_macsec_qca_ops;