[PATCH 0/6] VLAN reference counting
michael-dev at fami-braun.de
Fri Apr 10 08:49:44 EDT 2015
thanks for reviewing "[RFC] Remove VLAN interface on STA free".
> I'm not completely sure why this happens, but the changes here seem to
> break RSN pre-authentication. As an example, the pmksa_cache_preauth
> hwsim test case fails with these changes.
I found this to be because of the ap_sta_bind_vlan call in
ieee802_1x_receive_auth failing during pre-auth, so the Access-Accept is
rejected. It fails to due to hostapd_drv_set_sta_vlan failing, which is due to
the station not being associated.
This issue happens with the reviewed patch, because it calls
hostapd_drv_set_sta_vlan unconditionally. Before it was skipped when
sta->vlan_id == old_vlanid (= 0), which holds during the hwsim test case
Thought, the preauth failure can be triggered with vlan_id != 0 even without
the reviewed patch. sta->vlan_id != 0 holds iff dynamic_vlan as
radius_msg_get_vlanid does never return zero.
This patch series adds two new pmksa preauth test cases referring to
sta->vlan_id = -1 and sta->vlan_id > 0.
The first can be fixed by making radius_msg_get_vlanid return zero instead
of -1. The latter can be fixed by only calling ap_sta_bind_vlan for
associated stations. While the latter would also fix the vlan_id = -1 case, I
found no reason to keep radius_msg_get_vlanid returning -1, it only makes
comparison more difficult. So the first fix is still in this series.
Additionally, the latter change ensures that if radius returned
an !hostapd_vlan_id_valid vlan, the Access-Accept is still rejected.
Finally, ap_sta_bind_vlan already forces sta->vlan_id = 0 if !dynamic_vlan, so
this is not needed in ieee802_1x_new_station.
While testing the fixes, I was hit by two race conditions related to DELLINK
and NEWLINK message processing, which are fixed as well.
Michael Braun (6):
test: verify RSN preauth with dynamic vlans
Fix RSN preauthentification with dynamic_vlan enabled but unused
802.1x: ap_sta_bind_vlan only for associated stations
vlan: Ignore DELLINK on interfaces that exists.
vlan: ignore multiple NEWLINK messages
Remove VLAN interface on STA free
src/ap/ap_config.h | 1 +
src/ap/ieee802_11.c | 4 +-
src/ap/ieee802_1x.c | 35 ++++++-----
src/ap/sta_info.c | 34 +++++++----
src/ap/sta_info.h | 6 +-
src/ap/vlan_init.c | 5 +-
src/radius/radius.c | 4 +-
tests/hwsim/hostapd.wlan3.vlan | 1 +
tests/hwsim/hostapd.wlan4.vlan | 1 +
tests/hwsim/test_pmksa_cache.py | 126 ++++++++++++++++++++++++++++++++++++++++
10 files changed, 181 insertions(+), 36 deletions(-)
create mode 100644 tests/hwsim/hostapd.wlan3.vlan
create mode 100644 tests/hwsim/hostapd.wlan4.vlan
More information about the HostAP