[PATCH 0/6] VLAN reference counting

Michael Braun michael-dev
Fri Apr 10 05:49:44 PDT 2015 

Hi Jouni,

thanks for reviewing "[RFC] Remove VLAN interface on STA free".

> I'm not completely sure why this happens, but the changes here seem to
> break RSN pre-authentication. As an example, the pmksa_cache_preauth
> hwsim test case fails with these changes.

I found this to be because of the ap_sta_bind_vlan call in
ieee802_1x_receive_auth failing during pre-auth, so the Access-Accept is
rejected. It fails to due to hostapd_drv_set_sta_vlan failing, which is due to
the station not being associated.

This issue happens with the reviewed patch, because it calls
hostapd_drv_set_sta_vlan unconditionally. Before it was skipped when
sta->vlan_id == old_vlanid (= 0), which holds during the hwsim test case
pmksa_cache_preauth.

Thought, the preauth failure can be triggered with vlan_id != 0 even without
the reviewed patch. sta->vlan_id != 0 holds iff dynamic_vlan as
radius_msg_get_vlanid does never return zero.

This patch series adds two new pmksa preauth test cases referring to
sta->vlan_id = -1 and sta->vlan_id > 0.
The first can be fixed by making radius_msg_get_vlanid return zero instead
of -1. The latter can be fixed by only calling ap_sta_bind_vlan for
associated stations. While the latter would also fix the vlan_id = -1 case, I
found no reason to keep radius_msg_get_vlanid returning -1, it only makes
comparison more difficult. So the first fix is still in this series.
Additionally, the latter change ensures that if radius returned
an !hostapd_vlan_id_valid vlan, the Access-Accept is still rejected.
Finally, ap_sta_bind_vlan already forces sta->vlan_id = 0 if !dynamic_vlan, so
this is not needed in ieee802_1x_new_station.

While testing the fixes, I was hit by two race conditions related to DELLINK
and NEWLINK message processing, which are fixed as well.


Michael Braun (6):
  test: verify RSN preauth with dynamic vlans
  Fix RSN preauthentification with dynamic_vlan enabled but unused
  802.1x: ap_sta_bind_vlan only for associated stations
  vlan: Ignore DELLINK on interfaces that exists.
  vlan: ignore multiple NEWLINK messages
  Remove VLAN interface on STA free

 src/ap/ap_config.h              |   1 +
 src/ap/ieee802_11.c             |   4 +-
 src/ap/ieee802_1x.c             |  35 ++++++-----
 src/ap/sta_info.c               |  34 +++++++----
 src/ap/sta_info.h               |   6 +-
 src/ap/vlan_init.c              |   5 +-
 src/radius/radius.c             |   4 +-
 tests/hwsim/hostapd.wlan3.vlan  |   1 +
 tests/hwsim/hostapd.wlan4.vlan  |   1 +
 tests/hwsim/test_pmksa_cache.py | 126 ++++++++++++++++++++++++++++++++++++++++
 10 files changed, 181 insertions(+), 36 deletions(-)
 create mode 100644 tests/hwsim/hostapd.wlan3.vlan
 create mode 100644 tests/hwsim/hostapd.wlan4.vlan

-- 
1.9.1

More information about the Hostap mailing list