Move deauthentication at AP start to be after beacon configuration

This allows nl80211-based drivers to get the frame out. The old earlier
location resulted in the driver operation getting rejected before the
kernel was not ready to transmit the frame in the BSS context of the AP
interface that has not yet been started.

While getting this broadcast Deauthentication frame transmitted at the
BSS start is not critical, it is one more chance of getting any
previously associated station notified of their previous association not
being valid anymore had they missed previous notifications in cases
where the AP is stopped and restarted.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/ap/hostapd.c

@@ -1177,8 +1177,7 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
 #endif /* CONFIG_MESH */
 
 	if (flush_old_stations)
-		hostapd_flush_old_stations(hapd,
-					   WLAN_REASON_PREV_AUTH_NOT_VALID);
+		hostapd_flush(hapd);
 	hostapd_set_privacy(hapd, 0);
 
 #ifdef CONFIG_WEP
@@ -1372,6 +1371,21 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
 	if (!conf->start_disabled && ieee802_11_set_beacon(hapd) < 0)
 		return -1;
 
+	if (flush_old_stations && !conf->start_disabled &&
+	    conf->broadcast_deauth) {
+		u8 addr[ETH_ALEN];
+
+		/* Should any previously associated STA not have noticed that
+		 * the AP had stopped and restarted, send one more
+		 * deauthentication notification now that the AP is ready to
+		 * operate. */
+		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
+			"Deauthenticate all stations at BSS start");
+		os_memset(addr, 0xff, ETH_ALEN);
+		hostapd_drv_sta_deauth(hapd, addr,
+				       WLAN_REASON_PREV_AUTH_NOT_VALID);
+	}
+
 	if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
 		return -1;