Backport two upstream fixes to address overly verbose logging of MAC ACL rejection messages. Fixes: FS#1468 Signed-off-by: Jo-Philipp Wich <jo@mein.io>master
parent
583466bb5b
commit
3e633bb370
@ -0,0 +1,39 @@ |
||||
From 6588f712220797c69dbd019daa19b82a50d92782 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sun, 14 Oct 2018 19:57:22 +0300
|
||||
Subject: Reduce undesired logging of ACL rejection events from AP mode
|
||||
|
||||
When Probe Request frame handling was extended to use MAC ACL through
|
||||
ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
|
||||
<addr> not allowed to authenticate") from that function ended up getting
|
||||
printed even for Probe Request frames. That was not by design and it can
|
||||
result in excessive logging and MSG_INFO level if MAC ACL is used.
|
||||
|
||||
Fix this by printing this log entry only for authentication and
|
||||
association frames. In addition, drop the priority of that log entry to
|
||||
MSG_DEBUG since this is not really an unexpected behavior in most MAC
|
||||
ACL use cases.
|
||||
|
||||
Fixes: 92eb00aec2a0 ("Extend ACL check for Probe Request frames")
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
src/ap/ieee802_11.c | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -1636,9 +1636,11 @@ ieee802_11_allowed_address(struct hostap
|
||||
is_probe_req);
|
||||
|
||||
if (res == HOSTAPD_ACL_REJECT) {
|
||||
- wpa_printf(MSG_INFO,
|
||||
- "Station " MACSTR " not allowed to authenticate",
|
||||
- MAC2STR(addr));
|
||||
+ if (!is_probe_req)
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "Station " MACSTR
|
||||
+ " not allowed to authenticate",
|
||||
+ MAC2STR(addr));
|
||||
return HOSTAPD_ACL_REJECT;
|
||||
}
|
||||
|
@ -0,0 +1,28 @@ |
||||
From dc1b1c8db7905639be6f4de8173e2d97bf6df90d Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sun, 14 Oct 2018 20:03:55 +0300
|
||||
Subject: Drop logging priority for handle_auth_cb no-STA-match messages
|
||||
|
||||
This message was printed and MSG_INFO level which would be more
|
||||
reasonable for error cases where hostapd has accepted authentication.
|
||||
However, this is not really an error case for the cases where
|
||||
authentication was rejected (e.g., due to MAC ACL). Drop this to use
|
||||
MSG_DEBUG level.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
src/ap/ieee802_11.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -4018,7 +4018,8 @@ static void handle_auth_cb(struct hostap
|
||||
|
||||
sta = ap_get_sta(hapd, mgmt->da);
|
||||
if (!sta) {
|
||||
- wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
|
||||
+ wpa_printf(MSG_DEBUG, "handle_auth_cb: STA " MACSTR
|
||||
+ " not found",
|
||||
MAC2STR(mgmt->da));
|
||||
return;
|
||||
}
|
Loading…
Reference in new issue