hostapd: revert upstream commit to fix #13156

Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.

Fixes: #13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This commit is contained in:
Stijn Tintel 2023-08-04 10:03:10 +03:00 committed by Hauke Mehrtens
parent 973c5d4a1d
commit 324673914d
1 changed files with 63 additions and 0 deletions

View File

@ -0,0 +1,63 @@
From 26cd9bafc1d25e602952ee86cd2a5b8c3a995490 Mon Sep 17 00:00:00 2001
From: Stijn Tintel <stijn@linux-ipv6.be>
Date: Fri, 28 Jul 2023 16:27:47 +0300
Subject: [PATCH] Revert "Do prune_association only after the STA is
authorized"
Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.
Ref: https://github.com/openwrt/openwrt/issues/13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
---
src/ap/hostapd.c | 14 +++++++++++---
src/ap/sta_info.c | 3 ---
2 files changed, 11 insertions(+), 6 deletions(-)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -3563,6 +3563,8 @@ int hostapd_remove_iface(struct hapd_int
void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
int reassoc)
{
+ int mld_assoc_link_id = -1;
+
if (hapd->tkip_countermeasures) {
hostapd_drv_sta_deauth(hapd, sta->addr,
WLAN_REASON_MICHAEL_MIC_FAILURE);
@@ -3570,10 +3572,16 @@ void hostapd_new_assoc_sta(struct hostap
}
#ifdef CONFIG_IEEE80211BE
- if (hapd->conf->mld_ap && sta->mld_info.mld_sta &&
- sta->mld_assoc_link_id != hapd->mld_link_id)
- return;
+ if (hapd->conf->mld_ap && sta->mld_info.mld_sta) {
+ if (sta->mld_assoc_link_id == hapd->mld_link_id) {
+ mld_assoc_link_id = sta->mld_assoc_link_id;
+ } else {
+ return;
+ }
+ }
#endif /* CONFIG_IEEE80211BE */
+ if (mld_assoc_link_id != -2)
+ hostapd_prune_associations(hapd, sta->addr, mld_assoc_link_id);
ap_sta_clear_disconnect_timeouts(hapd, sta);
sta->post_csa_sa_query = 0;
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1318,9 +1318,6 @@ void ap_sta_set_authorized(struct hostap
mld_assoc_link_id = -2;
}
#endif /* CONFIG_IEEE80211BE */
- if (mld_assoc_link_id != -2)
- hostapd_prune_associations(hapd, sta->addr,
- mld_assoc_link_id);
sta->flags |= WLAN_STA_AUTHORIZED;
} else {
sta->flags &= ~WLAN_STA_AUTHORIZED;