3e633bb370
Backport two upstream fixes to address overly verbose logging of MAC ACL rejection messages. Fixes: FS#1468 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From 6588f712220797c69dbd019daa19b82a50d92782 Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Sun, 14 Oct 2018 19:57:22 +0300
|
|
Subject: Reduce undesired logging of ACL rejection events from AP mode
|
|
|
|
When Probe Request frame handling was extended to use MAC ACL through
|
|
ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
|
|
<addr> not allowed to authenticate") from that function ended up getting
|
|
printed even for Probe Request frames. That was not by design and it can
|
|
result in excessive logging and MSG_INFO level if MAC ACL is used.
|
|
|
|
Fix this by printing this log entry only for authentication and
|
|
association frames. In addition, drop the priority of that log entry to
|
|
MSG_DEBUG since this is not really an unexpected behavior in most MAC
|
|
ACL use cases.
|
|
|
|
Fixes: 92eb00aec2a0 ("Extend ACL check for Probe Request frames")
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
---
|
|
src/ap/ieee802_11.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
--- a/src/ap/ieee802_11.c
|
|
+++ b/src/ap/ieee802_11.c
|
|
@@ -1636,9 +1636,11 @@ ieee802_11_allowed_address(struct hostap
|
|
is_probe_req);
|
|
|
|
if (res == HOSTAPD_ACL_REJECT) {
|
|
- wpa_printf(MSG_INFO,
|
|
- "Station " MACSTR " not allowed to authenticate",
|
|
- MAC2STR(addr));
|
|
+ if (!is_probe_req)
|
|
+ wpa_printf(MSG_DEBUG,
|
|
+ "Station " MACSTR
|
|
+ " not allowed to authenticate",
|
|
+ MAC2STR(addr));
|
|
return HOSTAPD_ACL_REJECT;
|
|
}
|
|
|