[PATCH 1/1] MBO: Check association disallowed attribute in beacons and probe responses

[Jouni Malinen]

On Mon, Mar 07, 2022 at 12:02:44PM +0000, Damon Chen wrote:
> In my test scenario, the test steps can be simplified as follows:
> 1. Configure the AP without association disallowed 2. Trigger STA connect to the AP 3. STA disconnect from the AP 4. Configure the AP with association disallowed 5. Trigger STA connect to the AP
> 
> In step 5, STA should not send association request.
> But if the operating channel is NO_IR, STA will not send probe request in step 5 due to the passive scan, then wpa_supplicant will get the old probe response from step 2.
> 
> The probe response from step 2 does not include the association disallow attribute, therefore, wpa_supplicant will start the association process although the beacon has included the association disallow attribute from step 5.

This would seem to have a similar issue for the case of the AP removing
the association disallowed indication, i.e., the information elements
from an old Probe Response frame could remain in place indefinitely and
prevent association attempts. I applied this with changes to check the
latest set of information elements, i.e., use only one set, but use the
Beacon frame if it was received after the last Probe Response frame.
 
-- 
Jouni Malinen                                            PGP id EFC895FA