[RFC] Remove VLAN interface on STA free

Jouni Malinen
Sat Mar 28 06:04:41 PDT 2015

On Wed, Mar 25, 2015 at 05:15:11PM +0100, Michael Braun wrote:
> Currently, vlan_remove_dynamic is only called when the station vlan id is
> changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic
> vlan interfaces are not removed actually except within 1x reauthentication
> vlan id change, although most of the code is already there.
> This patch fixes this by calling vlan_remove_dynamic in ap_free_sta.
> It cannot just use sta->vlan_id for this, as this might have been changed
> without calling ap_sta_bind_vlan (ap/ieee802_11.c:handle_auth fetches from
> RADIUS cache for WPA-PSK), thus ref counting might not have been updated.
> Additionally, ref counting might get wrong due to old_vlanid = 0 being passed
> unconditionally, thus increasing the ref counter multiple times.
> So tracking the currently assigned (i.e. dynamic_vlan counter increased) vlan
> is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id
> argument of ap_sta_bind_vlan is no longer needed and setting the vlan for the
> sta in driver happens unconditionally.
> Additionally, vlan->dynamic_vlan is only incremented when it actually
> is a dynamic vlan.

I'm not completely sure why this happens, but the changes here seem to
break RSN pre-authentication. As an example, the pmksa_cache_preauth
hwsim test case fails with these changes.

There seems to be an undesired attempt to bind a pre-authentication STA
(i.e., something that has not even associated with the AP) to a VLAN
(though, vlan_id=0) even though there were no VLANs configured on the AP.
In addition, the BSS gets reinitialized when the STA roams and there is
no PMKSA cache entry found at that point which results in the RSN
pre-authentication result having been lost and full EAP authentication
being needed again.

Jouni Malinen                                            PGP id EFC895FA
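
The reference counting described in the quoted patch description, as a simplified C model added here (it is not part of the original mail and not hostapd code). The `model_*` functions, `valid()`, `run_model()` and the fixed-size counter array are assumptions made for illustration; only the `vlan_id` and `vlan_id_bound` field names come from the mail.

```c
/* Simplified model, not hostapd code. model_* names are hypothetical;
 * vlan_id and vlan_id_bound are the fields named in the mail. */
#include <stdio.h>
#include <string.h>
#define MAX_VLAN 8
struct model_sta { int vlan_id; int vlan_id_bound; };
static int refcnt[MAX_VLAN]; /* users per dynamic VLAN interface */
static int valid(int vid) { return vid > 0 && vid < MAX_VLAN; }

/* Drop one reference; the interface would be removed at zero. */
static void model_vlan_put(int vid)
{
    if (valid(vid) && refcnt[vid] > 0) refcnt[vid]--;
}

/* Behaviour described as broken: old_vlanid comes from the caller. */
static void model_bind_old(struct model_sta *sta, int old_vlanid)
{
    if (old_vlanid == sta->vlan_id)
        return;
    model_vlan_put(old_vlanid);
    if (valid(sta->vlan_id))
        refcnt[sta->vlan_id]++;
}

/* Described fix: the STA records which VLAN holds its reference. */
static void model_bind_tracked(struct model_sta *sta)
{
    if (sta->vlan_id_bound == sta->vlan_id)
        return;
    model_vlan_put(sta->vlan_id_bound);
    if (valid(sta->vlan_id))
        refcnt[sta->vlan_id]++;
    sta->vlan_id_bound = sta->vlan_id;
}

/* Bind twice, free the STA, return what is left on VLAN 3. */
static int run_model(int tracked)
{
    struct model_sta sta = { 3, 0 };
    memset(refcnt, 0, sizeof(refcnt));
    for (int i = 0; i < 2; i++) {
        if (tracked) model_bind_tracked(&sta);
        else model_bind_old(&sta, 0); /* 0 passed unconditionally */
    }
    if (tracked) model_vlan_put(sta.vlan_id_bound); /* release on free */
    return refcnt[3];
}

int main(void) { printf("old: %d, tracked: %d\n", run_model(0), run_model(1)); return 0; }
```

In the untracked variant the counter stays above zero after the station is gone, which corresponds to a dynamic VLAN interface that is never removed.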
