hostapd: new karma patch for version 2.0

2025-12-15 04:45:20 +01:00 · 2013-04-29 15:05:39 +00:00 · 2013-04-29 15:05:39 +00:00 · a194c132a7
commit a194c132a7
parent 84801fdc33
5 changed files with 1895 additions and 0 deletions
--- a/net-wireless/hostapd/Manifest
+++ b/net-wireless/hostapd/Manifest
@ -5,10 +5,16 @@ AUX hostapd-1.0-karma-0.2.patch 39202 SHA256 ce40eb1f2a205ef9ec5d0ff87c9df85a86c
 AUX hostapd-1.0-karma.patch 15724 SHA256 9f4d853c2974607aed7accb5785df224e3abdce4baf4dee787ca45421c85ec87 SHA512 694e8e03db5e3577359b0cc5c530ef528dd2bbeb64351060113fe67ee4446495999330edc5f38c3206c8525c5f401e35ca8a3c0f372f5c8e3205172680cf7fd9 WHIRLPOOL 36f6a45310a642fb2b1c2225d560ac85b1c08074c08108682fbb638ad27f8d01858ba48a2b64ffaa01832a52185afe5c39b521635b8767abdfaefb6c84a0a903
 AUX hostapd-1.0-libnl_path_fix.patch 892 SHA256 7ec9489fed14b7f3916d0aab63e34886bcf39d07c257101df53e16ef4db2b95d SHA512 10b1db56ec2bb8a2ab04dcd50b5a0442efdd4814ef6a4effc50d0157d61fc993ebb6f2f6775566fc0341668ad314dd2d4ec4e91177d59d76c59b8ceb2bf4c2f4 WHIRLPOOL ae16d72eb649d7267191a2542c204da92493279f3d09dc9de4349ca4a8db9d7e5f46d3d824e4b22900ad257e1bdcf86b26fb46eee63cbb8af48bd739b0d27ea0
 AUX hostapd-1.0-tls_length_fix.patch 1859 SHA256 bbca0422a0babbf9d7fad2b758ecddaae45624db1b2db6d7663292548e25906a SHA512 e354e9352605003101cba296735232d11ac685f1db8718e5d59b55de1b86b55144e4871afe85cae4374f52af1b42df3ebd4747e109c86e0750ef9eb5345453d7 WHIRLPOOL 6a9379b09ffb73d13ea813952e2b39b5ab90ec98a27ed211ff2904d52e346c9e6273fe99e8ae6509773597afa352d9e77f3081103c5e5c55c86e12f8176a5419
+AUX hostapd-2.0-cui.patch 12848 SHA256 86f3eeab008901c3f7f59d7a6a27f94292b9fdd58b41ef84170ba40b5fa83397 SHA512 20b1f89773e3bb1630c554f28803f0b5b6adfbbb969428a88ed6d1cba4ba21c36946048ac16672a2378d2ae85ca7ccb0a77b0df7d56a99c013054421cdae7fa3 WHIRLPOOL 77ee4d3c386fb4da275da05d5acad30bc98a3212301da68df7af6261d23ca7e5c3f85ee805ab70c68cc833e92afd290f845c0320d7af90ff0feb7579cf14342e
+AUX hostapd-2.0-karma.patch 38791 SHA256 bfaca51b2b03e11277debb452b0a52b5078115ed8967ddfbd7874a4e3ad26afc SHA512 269fbe1b420177b63c5c24321f2a435ef3338db36ee534c3e205f5c6f1e85df1b89ce6fb5de1ae363c5ff8965ec719fa2e0b80f0a2be3d1cc9ed84eecca8cce6 WHIRLPOOL cf69a9ea51bc94095fe89bb379436c305972a6675439683ff457a1c6853eebf7e77bf580f2624494cd48f39c45b82d1f7ff937728cd2527e4a307cbbfa14a2a1
+AUX hostapd-2.0-tls_length_fix.patch 1859 SHA256 bbca0422a0babbf9d7fad2b758ecddaae45624db1b2db6d7663292548e25906a SHA512 e354e9352605003101cba296735232d11ac685f1db8718e5d59b55de1b86b55144e4871afe85cae4374f52af1b42df3ebd4747e109c86e0750ef9eb5345453d7 WHIRLPOOL 6a9379b09ffb73d13ea813952e2b39b5ab90ec98a27ed211ff2904d52e346c9e6273fe99e8ae6509773597afa352d9e77f3081103c5e5c55c86e12f8176a5419
+AUX hostapd-2.0-wpe.patch 15067 SHA256 4fbdbf3f0e09702aba7205b3f6cac2fe63579d3da40f337075e1ffc4d10ef303 SHA512 3b8cc6217ca4285a2d2d790b353bffdf0e9b5170048823134230b857f3587fa5991b85496849110e90466c02a858fe22a75301c76764a486f1af10a7828d62f1 WHIRLPOOL 6d6086d01a6a1957066fdfbd02151745bfd6c494010d48e48ade7c76a19da0940216d1348d7c03e0ce905b458c663202e4dee009e348dbfae02969c5f8bb30d6
 AUX hostapd-conf.d 245 SHA256 916f4b14095ee4ec8a510391c883e9f01868e18d79a3d5cbeb13a104a793d45d SHA512 f07a6cd209eca351b8545017c5f025282c3fdea838ca3df49e362571ded43973281ce4ff83984b1299db15ea9b5c21a42cbda91432220af9146bf034e2265c30 WHIRLPOOL 0ab1dbd8e04df9e7b8ae875dfdfdcdd770e4fcb62197bb81e47588a9ecf0b8bb715adbde34f2be82d630fdd536e9f888f463dd12cab0c06220c345b0093a3dd5
 AUX hostapd-init.d 1022 SHA256 a220058841e66a11603df8e968ccc68945f01e1d11c1ae498922d0e01f6fa804 SHA512 0d9d3c69c7b4c50ab08a7633b3b0b2f770647045ba967de628c34bf37644dcae6ef8288cab0fd0508b8ee8eafa8f48bda0d378c5aadbbbc5cde9f5441f7c97a1 WHIRLPOOL e86f507cff5712ff2590f39c58989a379b81feb40cedcd424188e055ac38f772a7bb9c1089efabd6ff104078257aa2a20a82790e17b085c03264d35b6f4e274d
 DIST hostapd-1.0.tar.gz 1327943 SHA256 002e9dcb7e46cf82b5900a2fcf92b30fc8cdfd32a72d7fd4488588f1c013dfcc SHA512 2f189ef3d52099ee249a96820b257f331e0cb601e89dc01c583ec697d5e9a68f6b80c2913bbb4b37f18dc4a218f34ed9deb0357d55509de9d0f58dd60df33a8b WHIRLPOOL 79f0fd8b7f256d69771f8b022e74ee9908a6a613c875392cf151bdada86c077bbf8e88213547efa64c240daf9fb5e5f9bffe2fa5f7f98d5ca27d5d7058f5995a
+DIST hostapd-2.0.tar.gz 1376203 SHA256 262ce394b930bccc3d65fb99ee380f28d36444978f524c845a98e8e29f4e9d35 SHA512 25fddaaddb22903078cfaae29a1e955b60955f9f5542b52962a6a8d4c65146ca102e9ac085118ce422843c55349a74a019220dfd4926895e301d506dbc97b967 WHIRLPOOL e5ae2e760770d2f307b1c4235c9b0c9d25e1719a1d174efa30ce6bbbc07b5c46d5f7babc087b8f450f3b485fb640728ddd23761fb292bcd535ef38dc10ac1d45
 EBUILD hostapd-1.0-r4.ebuild 5519 SHA256 c911846537d95e6ce101988af1157ec772d03ce34da0ec6aa657580e4b497852 SHA512 7e01750d68513e33c0ee8848dd6ee851a32cfb500aa0cfae802b7aabaf86b32c2992b229f1f94f345ecc8dc0b4f220483f4b05f9f87b89b6fca8d37b6af0543b WHIRLPOOL 5dffe8e9070db5c2d71b4df1cedf52a7bf3f57308f76b4a13d2c11f6083c0e611c42c389ba9a75e4d15dba93534d18054a4b662b7223cf278de45e3362ca00cd
 EBUILD hostapd-1.0-r5.ebuild 5523 SHA256 61d713f72dae5f93b4cdaf9328edc29bb589ac67221b7ca220e544ae44abebac SHA512 ec9d9a96dcc3ea31529c827fbbe0095fb2e14125c1c35820a588352ecd44c7cef4ce6e590773294501f4d79e7d5ca0ebd2dc3cdf29e221bfc10bab19231d26f8 WHIRLPOOL ba48f2800633aaeb903cacca4830254b80a79079bc89333555dca325654ba94dc74af0e8c83e99f1d0b19c41cdd902a7b209c32dc6c618ed012460c0a037080b
+EBUILD hostapd-2.0.ebuild 5604 SHA256 7ce368dd8ad524d64d4ae31ae9dd041998d96771deae351f935e58628f8001b2 SHA512 16ad471fdebf5f9e2e5e92d42f75722c449b291090a6482672b9c9e7bacb00937b142f4071aace93aef26e0f6d43fd246c544f1e23cf783715517146f75d566a WHIRLPOOL f641b6c62bc6d75306c4dd98774ec02460ff031bd1cd5580aa8d0b9c0ebbe6cd5be8b60f6f895d1df1fbf9117e339434dae24299d6b6002fbc23974597add598
 MISC ChangeLog 20312 SHA256 4a1673cde56f1b7ea1dfd20f0ac702ad3e7e916b84cfdf4f5aa0448d01b13659 SHA512 1c03ba7921beb21500e160aa5abfb867967777f0c4a36e220524bde419a30663a03d38b757c97405a88e1a5a2baf91e27b8022514ae99bdd1b4768ad520ec15e WHIRLPOOL 3c0df927502c29770fcac11fad0a5c655ff05674fc7444fef1e4a68cdbb55b1690efd3b89d3240a978f045d33029be036961a44095173660cfe4d20c3a05918b
 MISC metadata.xml 752 SHA256 78c8bab11c00f4988d677b1f4bf5a66c3221c0f9a3c46cfaf333a8857f250662 SHA512 c9e8749a721896e4b91ee76b9008e8a3e0d58496d804a6ce103fa501ccd0322b18b28f69432babc506a4c97a22c993da11c34946d6b44517b3cbb45f80bf6bde WHIRLPOOL c8cc369fa5d5725617c4143053bef31f34fdc40b9a7c36a082765d5e9afcd12f5b45d567e7ea3e2431dfbbf3378daf05b73aead94978e650e012652e1928d7aa
--- a/net-wireless/hostapd/files/hostapd-2.0-cui.patch
+++ b/net-wireless/hostapd/files/hostapd-2.0-cui.patch
@ -0,0 +1,448 @@
+diff -urN hostapd-2.0.orig/src/ap/accounting.c hostapd-2.0/src/ap/accounting.c
+--- hostapd-2.0.orig/src/ap/accounting.c	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/accounting.c	2013-04-29 10:16:25.982059247 +0800
+@@ -19,6 +19,7 @@
+ #include "sta_info.h"
+ #include "ap_drv_ops.h"
+ #include "accounting.h"
+/*#include "eapol_auth/eapol_auth_sm_i.h"*/
+ 
+ 
+ /* Default interval in seconds for polling TX/RX octets from the driver if
+@@ -40,6 +41,9 @@
+ 	size_t len;
+ 	int i;
+ 	struct wpabuf *b;
+	u8 *cui; /*Define CUI Attribute*/
+	size_t cui_len; /*Define CUI Attribute length*/
+	struct eapol_state_machine *sm = sta->eapol_sm;
+ 
+ 	msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
+ 			     radius_client_get_id(hapd->radius));
+@@ -81,6 +85,7 @@
+ 	if (sta) {
+ 		/* Use 802.1X identity if available */
+ 		val = ieee802_1x_get_identity(sta->eapol_sm, &len);
+		printf("GOT ID\n");
+ 
+ 		/* Use RADIUS ACL identity if 802.1X provides no identity */
+ 		if (!val && sta->identity) {
+@@ -102,6 +107,30 @@
+ 			printf("Could not add User-Name\n");
+ 			goto fail;
+ 		}
+
+		
+		/*Check if the CUI attribute is set, if so returns the TRUE or FALSE accordingly**************/
+		if (getSetCui(sta->eapol_sm)){
+		cui=get_CUI (sta->eapol_sm, &cui_len);
+		printf("GOT CUI\n");
+
+		if (!cui) {
+					
+					os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+						    MAC2STR(sta->addr));
+					cui = (u8 *) buf;
+					cui_len = os_strlen(buf);
+				}
+		if (!radius_msg_add_attr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, cui,
+				cui_len)) { /*Add CUI attribute to the Accounting Request Message*/
+					printf("Could not add CUI\n");
+					goto fail;
+				}
+		/********************/
+		}
+		/*else { */
+		/*	printf ("PROBLEM IN IF\n");*/
+		/*}*/
+ 	}
+ 
+ 	if (add_common_radius_attr(hapd, hapd->conf->radius_acct_req_attr, sta,
+diff -urN hostapd-2.0.orig/src/ap/accounting.h hostapd-2.0/src/ap/accounting.h
+--- hostapd-2.0.orig/src/ap/accounting.h	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/accounting.h	2013-04-29 10:13:06.594045862 +0800
+@@ -20,6 +20,7 @@
+ {
+ }
+ 
+
+ static inline void accounting_sta_stop(struct hostapd_data *hapd,
+ 				       struct sta_info *sta)
+ {
+diff -urN hostapd-2.0.orig/src/ap/ieee802_1x.c hostapd-2.0/src/ap/ieee802_1x.c
+--- hostapd-2.0.orig/src/ap/ieee802_1x.c	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/ieee802_1x.c	2013-04-29 10:18:45.037068583 +0800
+@@ -1051,6 +1051,7 @@
+ 			 * re-authentication without having to wait for the
+ 			 * Supplicant to send EAPOL-Start.
+ 			 */
+			printf("REAUTHENTICATION-EAPOL");
+ 			sta->eapol_sm->reAuthenticate = TRUE;
+ 		}
+ 		eapol_auth_step(sta->eapol_sm);
+@@ -1316,6 +1317,68 @@
+ 	sm->radius_cui = cui;
+ }
+ 
+/* This method is used to   Set the CUI attribute Value**************************************/
+static void set_cui(struct hostapd_data *hapd,
+					   struct sta_info *sta,
+					   struct radius_msg *msg)
+
+{
+	u8 *buf,*cui_identity;
+	size_t len;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	if (sm == NULL)
+			return;
+
+	if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, &buf, &len,
+					    NULL) < 0)
+			return;
+	cui_identity = os_malloc(len + 1);
+		if (cui_identity == NULL)
+			return;
+	os_memcpy(cui_identity, buf, len);
+	cui_identity[len] = '\0';
+
+	sm->cui = cui_identity;
+	sm->cui_len = len;
+	printf(" SET CUI %s",(char *) cui_identity);
+
+
+}
+
+
+/*  **************************************/
+
+/*check CUI attribute is available in Access Accept */
+static void check_cuiAttr (struct radius_msg *msg,struct sta_info *sta, struct hostapd_data *hapd)
+{
+	
+	struct eapol_state_machine *sm = sta->eapol_sm; /*Define a pointer to eapol_state_machine*/
+	
+
+	size_t i;
+
+	for (i = 0;i<msg->attr_used;i++)
+	{	struct radius_attr_hdr *attr = radius_get_attr_hdr(msg, i);
+		if (attr->type == RADIUS_ATTR_CHARGEABLE_USER_IDENTITY) /*check CUI attribute is availabe in Access-Accept packet*/
+		{
+			printf("CUI Attribute is Available");
+			sm->cuiAvailable = TRUE;
+			set_cui(hapd, sta, msg);
+			break;
+
+		}
+		else {
+			sm->cuiAvailable = FALSE;
+			printf ("CUI is not available in this packet");
+
+		}
+
+
+	}
+
+}
+
+ 
+ struct sta_id_search {
+ 	u8 identifier;
+@@ -1477,6 +1540,8 @@
+ 		ieee802_1x_store_radius_class(hapd, sta, msg);
+ 		ieee802_1x_update_sta_identity(hapd, sta, msg);
+ 		ieee802_1x_update_sta_cui(hapd, sta, msg);
+		/*set_cui(hapd, sta, msg);*/
+		check_cuiAttr(msg,sta,hapd);
+ 		if (sm->eap_if->eapKeyAvailable &&
+ 		    wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
+ 				       session_timeout_set ?
+@@ -1981,6 +2046,27 @@
+ }
+ 
+ 
+
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len) /* return CUI Attribute Value  ******************************/
+{
+	if (sm == NULL || sm->identity == NULL)
+		return NULL;
+
+	*len = sm->cui_len;
+	return sm->cui;
+}
+
+Boolean getSetCui (struct eapol_state_machine *sm) /*Check if the CUI value is set or not, and returns TRUE or FALSE accordingly*/
+
+{ if (sm->cuiAvailable)
+	return TRUE;
+else
+	return FALSE;
+	}
+
+/*****************************/
+
+
+ u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
+ 				 int idx)
+ {
+diff -urN hostapd-2.0.orig/src/ap/ieee802_1x.h hostapd-2.0/src/ap/ieee802_1x.h
+--- hostapd-2.0.orig/src/ap/ieee802_1x.h	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/ieee802_1x.h	2013-04-29 10:13:07.019045890 +0800
+@@ -35,6 +35,13 @@
+ int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
+ 			       const u8 *data, int len, int ack);
+ u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
+
+/** definig CUI get function */
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len);
+Boolean getSetCui (struct eapol_state_machine *sm);
+
+/*********************/
+
+ u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
+ 				 int idx);
+ struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm);
+diff -urN hostapd-2.0.orig/src/ap/pmksa_cache_auth.c hostapd-2.0/src/ap/pmksa_cache_auth.c
+--- hostapd-2.0.orig/src/ap/pmksa_cache_auth.c	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/pmksa_cache_auth.c	2013-04-29 10:13:07.020045890 +0800
+@@ -138,6 +138,20 @@
+ 	if (eapol->radius_cui)
+ 		entry->cui = wpabuf_dup(eapol->radius_cui);
+ 
+/*set to cui in to cache*/
+
+	if (eapol ->cui) {
+		
+		entry ->cui = os_malloc(eapol->cui_len); /*Allocate memory for CUI attribute*/
+		if (entry->cui) {
+			entry->cui_len = eapol->cui_len;
+			os_memcpy(entry->cui, eapol->cui,
+				  eapol->cui_len);
+		}
+	}
+
+/*set to cui in to cache*/
+
+ #ifndef CONFIG_NO_RADIUS
+ 	radius_copy_class(&entry->radius_class, &eapol->radius_class);
+ #endif /* CONFIG_NO_RADIUS */
+@@ -170,6 +184,25 @@
+ 		eapol->radius_cui = wpabuf_dup(entry->cui);
+ 	}
+ 
+/*Added to get CUI from the cache*/
+
+
+	if (entry->cui) {
+			os_free(eapol->cui);
+			
+			eapol->cui = os_malloc(entry->cui_len);
+			eapol->cuiAvailable=TRUE;
+			if (eapol->cui) {
+				eapol->cui_len = entry->cui_len;
+				os_memcpy(eapol->cui, entry->cui, 
+					  entry->cui_len); /*copy the CUI attribute value to EAPOL data structure*/
+			}
+			wpa_hexdump_ascii(MSG_DEBUG, "CUIfrom PMKSA",
+					  eapol->cui, eapol->cui_len);
+		}
+
+	/*Added to get CUI from the cache*/
+
+ #ifndef CONFIG_NO_RADIUS
+ 	radius_free_class(&eapol->radius_class);
+ 	radius_copy_class(&eapol->radius_class, &entry->radius_class);
+@@ -181,6 +214,7 @@
+ 
+ 	eapol->eap_type_authsrv = entry->eap_type_authsrv;
+ 	((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;
+	printf ("GETTING CACHE ENTRY\n");
+ }
+ 
+ 
+diff -urN hostapd-2.0.orig/src/ap/pmksa_cache_auth.h hostapd-2.0/src/ap/pmksa_cache_auth.h
+--- hostapd-2.0.orig/src/ap/pmksa_cache_auth.h	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/pmksa_cache_auth.h	2013-04-29 10:20:09.925074282 +0800
+@@ -26,6 +26,8 @@
+ 	u8 *identity;
+ 	size_t identity_len;
+ 	struct wpabuf *cui;
+	u8 *cui; /* cui by me*/
+	size_t cui_len; /*Size of the cached cui by me*/
+ 	struct radius_class_data radius_class;
+ 	u8 eap_type_authsrv;
+ 	int vlan_id;
+diff -urN hostapd-2.0.orig/src/common/ieee802_11_common.c hostapd-2.0/src/common/ieee802_11_common.c
+--- hostapd-2.0.orig/src/common/ieee802_11_common.c	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/common/ieee802_11_common.c	2013-04-29 10:13:07.061045893 +0800
+@@ -25,8 +25,8 @@
+ 	if (elen < 4) {
+ 		if (show_errors) {
+ 			wpa_printf(MSG_MSGDUMP, "short vendor specific "
+-				   "information element ignored (len=%lu)",
+-				   (unsigned long) elen);
+				  "information element ignored (len=%lu)",
+				  (unsigned long) elen);
+ 		}
+ 		return -1;
+ 	}
+diff -urN hostapd-2.0.orig/src/eapol_auth/eapol_auth_sm_i.h hostapd-2.0/src/eapol_auth/eapol_auth_sm_i.h
+--- hostapd-2.0.orig/src/eapol_auth/eapol_auth_sm_i.h	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/eapol_auth/eapol_auth_sm_i.h	2013-04-29 10:13:07.062045893 +0800
+@@ -69,6 +69,7 @@
+ 	/* variables */
+ 	Boolean eapolLogoff;
+ 	Boolean eapolStart;
+	Boolean cuiAvailable; /*to check CUI is available in AcessAccept*/
+ 	PortTypes portMode;
+ 	unsigned int reAuthCount;
+ 	/* constants */
+@@ -153,6 +154,8 @@
+ 	u8 last_eap_id; /* last used EAP Identifier */
+ 	u8 *identity;
+ 	size_t identity_len;
+	u8 *cui; /*Define CUI Attribute*/
+	size_t cui_len; /*Define CUI attribute length*/
+ 	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
+ 			      * Authentication server */
+ 	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
+diff -urN hostapd-2.0.orig/src/radius/radius.c hostapd-2.0/src/radius/radius.c
+--- hostapd-2.0.orig/src/radius/radius.c	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/radius/radius.c	2013-04-29 10:13:07.062045893 +0800
+@@ -18,16 +18,16 @@
+ /**
+  * struct radius_msg - RADIUS message structure for new and parsed messages
+  */
+-struct radius_msg {
+//struct radius_msg {
+ 	/**
+ 	 * buf - Allocated buffer for RADIUS message
+ 	 */
+-	struct wpabuf *buf;
+	//struct wpabuf *buf;
+ 
+ 	/**
+ 	 * hdr - Pointer to the RADIUS header in buf
+ 	 */
+-	struct radius_hdr *hdr;
+	//struct radius_hdr *hdr;
+ 
+ 	/**
+ 	 * attr_pos - Array of indexes to attributes
+@@ -35,18 +35,18 @@
+ 	 * The values are number of bytes from buf to the beginning of
+ 	 * struct radius_attr_hdr.
+ 	 */
+-	size_t *attr_pos;
+	//size_t *attr_pos;
+ 
+ 	/**
+ 	 * attr_size - Total size of the attribute pointer array
+ 	 */
+-	size_t attr_size;
+	//size_t attr_size;
+ 
+ 	/**
+ 	 * attr_used - Total number of attributes in the array
+ 	 */
+-	size_t attr_used;
+-};
+	//size_t attr_used;
+//};
+ 
+ 
+ struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg)
+@@ -60,7 +60,7 @@
+ 	return msg->buf;
+ }
+ 
+-
+/*
+ static struct radius_attr_hdr *
+ radius_get_attr_hdr(struct radius_msg *msg, int idx)
+ {
+@@ -68,7 +68,7 @@
+ 		(wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
+ }
+ 
+-
+*/
+ static void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier)
+ {
+ 	msg->hdr->code = code;
+diff -urN hostapd-2.0.orig/src/radius/radius.h hostapd-2.0/src/radius/radius.h
+--- hostapd-2.0.orig/src/radius/radius.h	2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/radius/radius.h	2013-04-29 10:13:07.064045893 +0800
+@@ -15,6 +15,45 @@
+ #pragma pack(push, 1)
+ #endif /* _MSC_VER */
+ 
+/************************/
+struct radius_msg {
+	/**
+	 * buf - Allocated buffer for RADIUS message
+	 */
+	struct wpabuf *buf;
+
+	/**
+	 * hdr - Pointer to the RADIUS header in buf
+	 */
+	struct radius_hdr *hdr;
+
+	/**
+	 * attr_pos - Array of indexes to attributes
+	 *
+	 * The values are number of bytes from buf to the beginning of
+	 * struct radius_attr_hdr.
+	 */
+	size_t *attr_pos;
+
+	/**
+	 * attr_size - Total size of the attribute pointer array
+	 */
+	size_t attr_size;
+
+	/**
+	 * attr_used - Total number of attributes in the array
+	 */
+	size_t attr_used;
+};
+
+
+
+
+/***********************/
+
+
+
+
+ struct radius_hdr {
+ 	u8 code;
+ 	u8 identifier;
+@@ -210,6 +249,10 @@
+ 			       size_t secret_len);
+ struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type,
+ 					     const u8 *data, size_t data_len);
+
+/****************************/
+
+/*****************************/
+ struct radius_msg * radius_msg_parse(const u8 *data, size_t len);
+ int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
+ 		       size_t data_len);
+@@ -250,7 +293,13 @@
+ 	u32 val = htonl(value);
+ 	return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL;
+ }
+-
+/**********************/
+static struct radius_attr_hdr * radius_get_attr_hdr(struct radius_msg *msg, int idx)
+{
+	return (struct radius_attr_hdr *)
+		(wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
+}
+/**************************/
+ static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
+ 					    u32 *value)
+ {
--- a/net-wireless/hostapd/files/hostapd-2.0-karma.patch
+++ b/net-wireless/hostapd/files/hostapd-2.0-karma.patch
--- a/net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch
+++ b/net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch
@ -0,0 +1,48 @@
+From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 7 Oct 2012 20:06:29 +0300
+Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation
+
+EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
+Message Length value properly and could end up trying to store more
+information into the message buffer than the allocated size if the first
+fragment is longer than the indicated size. This could result in hostapd
+process terminating in wpabuf length validation. Fix this by rejecting
+messages that have invalid TLS Message Length value.
+
+This would affect cases that use the internal EAP authentication server
+in hostapd either directly with IEEE 802.1X or when using hostapd as a
+RADIUS authentication server and when receiving an incorrectly
+constructed EAP-TLS message. Cases where hostapd uses an external
+authentication are not affected.
+
+Thanks to Timo Warns for finding and reporting this issue.
+
+Signed-hostap: Jouni Malinen <j@w1.fi>
+intended-for: hostap-1
+---
+ src/eap_server/eap_server_tls_common.c |    8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
+index 31be2ec..46f282b 100644
+--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
+@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
+ 			return -1;
+ 		}
+ 
+		if (len > message_length) {
+			wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
+				   "first fragment of frame (TLS Message "
+				   "Length %d bytes)",
+				   (int) len, (int) message_length);
+			return -1;
+		}
+
+ 		data->tls_in = wpabuf_alloc(message_length);
+ 		if (data->tls_in == NULL) {
+ 			wpa_printf(MSG_DEBUG, "SSL: No memory for message");
+-- 
+1.7.4-rc1
+
--- a/net-wireless/hostapd/hostapd-2.0.ebuild
+++ b/net-wireless/hostapd/hostapd-2.0.ebuild
@ -0,0 +1,208 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/hostapd-2.0.ebuild,v 1.1 2013/01/21 10:42:21 gurligebis Exp $
+
+EAPI="4"
+
+inherit toolchain-funcs eutils
+
+DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
+HOMEPAGE="http://hostap.epitest.fi"
+SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 BSD )"
+SLOT="0"
+KEYWORDS="~amd64 ~mips ~ppc ~x86"
+IUSE="debug ipv6 +karma logwatch madwifi +ssl +wps +crda"
+
+DEPEND="ssl? ( dev-libs/openssl )
+	kernel_linux? (
+		dev-libs/libnl:3
+		crda? ( net-wireless/crda )
+	)
+	madwifi? ( ||
+		( >net-wireless/madwifi-ng-tools-0.9.3
+		net-wireless/madwifi-old ) )"
+RDEPEND="${DEPEND}"
+
+S="${S}/${PN}"
+
+src_prepare() {
+	cd ..
+	epatch "${FILESDIR}/${P}-tls_length_fix.patch"
+#there is initial cui support in that version. Do we still need it?
+#	use cui && epatch "${FILESDIR}/${P}-cui.patch"
+	use karma && epatch "${FILESDIR}/${P}-karma.patch"
+#this patch is coming
+#	use wpe && epatch "${FILESDIR}/${P}-wpe.patch"
+	sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
+		"${S}/hostapd.conf" || die
+}
+
+src_configure() {
+	local CONFIG="${S}/.config"
+
+	# toolchain setup
+	echo "CC = $(tc-getCC)" > ${CONFIG}
+
+	# EAP authentication methods
+	echo "CONFIG_EAP=y" >> ${CONFIG}
+	echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
+
+	if use ssl; then
+		# SSL authentication methods
+		echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
+		echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
+		echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
+		echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
+	fi
+
+	if use wps; then
+		# Enable Wi-Fi Protected Setup
+		echo "CONFIG_WPS=y" >> ${CONFIG}
+		echo "CONFIG_WPS2=y" >> ${CONFIG}
+		echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
+		einfo "Enabling Wi-Fi Protected Setup support"
+	fi
+
+	echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
+	echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
+	echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
+	echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
+	echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
+	echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
+	echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
+	echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
+
+	einfo "Enabling drivers: "
+
+	# drivers
+	echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
+	einfo "  HostAP driver enabled"
+	echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
+	einfo "  Wired driver enabled"
+	echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG}
+	einfo "  Prism54 driver enabled"
+	echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
+	einfo "  None driver enabled"
+
+	if use madwifi; then
+		# Add include path for madwifi-driver headers
+		einfo "  Madwifi driver enabled"
+		echo "CFLAGS += -I/usr/include/madwifi" >> ${CONFIG}
+		echo "CONFIG_DRIVER_MADWIFI=y" >> ${CONFIG}
+	else
+		einfo "  Madwifi driver disabled"
+	fi
+
+	einfo "  nl80211 driver enabled"
+	echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
+	echo "CFLAGS += -I/usr/include/netlink" >> ${CONFIG}
+	echo "LIBS += -L/usr/lib" >> ${CONFIG}
+
+	# misc
+	echo "CONFIG_PKCS12=y" >> ${CONFIG}
+	echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
+	echo "CONFIG_IAPP=y" >> ${CONFIG}
+	echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
+	echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
+	echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
+	echo "CONFIG_PEERKEY=y" >> ${CONFIG}
+	echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
+	echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
+
+	if use ipv6; then
+		# IPv6 support
+		echo "CONFIG_IPV6=y" >> ${CONFIG}
+	fi
+
+	if ! use debug; then
+		echo "CONFIG_NO_STDOUT_DEBUG=y" >> ${CONFIG}
+	fi
+
+	# If we are using libnl 2.0 and above, enable support for it
+	# Removed for now, since the 3.2 version is broken, and we don't
+	# support it.
+	if has_version ">=dev-libs/libnl-3.2"; then
+		echo "CONFIG_LIBNL32=y" >> .config
+	fi
+
+	# TODO: Add support for BSD drivers
+
+	default_src_configure
+}
+
+src_compile() {
+	emake V=1
+
+	if use ssl; then
+		emake V=1 nt_password_hash
+		emake V=1 hlr_auc_gw
+	fi
+}
+
+src_install() {
+	insinto /etc/${PN}
+	doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
+
+	fperms -R 600 /etc/${PN}
+
+	dosbin ${PN}
+	dobin ${PN}_cli
+
+	use ssl && dobin nt_password_hash hlr_auc_gw
+
+	newinitd "${FILESDIR}"/${PN}-init.d ${PN}
+	newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
+
+	doman ${PN}{.8,_cli.1}
+
+	dodoc ChangeLog README
+	use wps && dodoc README-WPS
+
+	docinto examples
+	dodoc wired.conf
+
+	if use logwatch; then
+		insinto /etc/log.d/conf/services/
+		doins logwatch/${PN}.conf
+
+		exeinto /etc/log.d/scripts/services/
+		doexe logwatch/${PN}
+	fi
+}
+
+pkg_postinst() {
+	einfo
+	einfo "In order to use ${PN} you need to set up your wireless card"
+	einfo "for master mode in /etc/conf.d/net and then start"
+	einfo "/etc/init.d/${PN}."
+	einfo
+	einfo "Example configuration:"
+	einfo
+	einfo "config_wlan0=( \"192.168.1.1/24\" )"
+	einfo "channel_wlan0=\"6\""
+	einfo "essid_wlan0=\"test\""
+	einfo "mode_wlan0=\"master\""
+	einfo
+	if use madwifi; then
+		einfo "This package compiles against the headers installed by"
+		einfo "madwifi-old, madwifi-ng or madwifi-ng-tools."
+		einfo "You should remerge ${PN} after upgrading these packages."
+		einfo
+		einfo "Since you are using the madwifi-ng driver, you should disable or"
+		einfo "comment out wme_enabled from ${PN}.conf, since it will"
+		einfo "cause problems otherwise (see bug #260377"
+	fi
+	#if [ -e "${KV_DIR}"/net/mac80211 ]; then
+	#	einfo "This package now compiles against the headers installed by"
+	#	einfo "the kernel source for the mac80211 driver. You should "
+	#	einfo "re-emerge ${PN} after upgrading your kernel source."
+	#fi
+
+	if use wps; then
+		einfo "You have enabled Wi-Fi Protected Setup support, please"
+		einfo "read the README-WPS file in /usr/share/doc/${P}"
+		einfo "for info on how to use WPS"
+	fi
+}