OCE: RSSI-based rejection to consider Authentication frames (AP)

Try to make RSSI-based rejection of associating stations a bit less
likely to trigger false rejections by considering RSSI from the last
received Authentication frame. Association is rejected only if both the
Authentication and (Re)Association Request frames are below the RSSI
threshold.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-01-01 18:17:02 +02:00
parent 7021d33c9e
commit 2ea1fce3d6
2 changed files with 10 additions and 3 deletions

View file

@ -1760,7 +1760,8 @@ ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
static void handle_auth(struct hostapd_data *hapd, static void handle_auth(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len) const struct ieee80211_mgmt *mgmt, size_t len,
int rssi)
{ {
u16 auth_alg, auth_transaction, status_code; u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS; u16 resp = WLAN_STATUS_SUCCESS;
@ -1990,6 +1991,9 @@ static void handle_auth(struct hostapd_data *hapd,
} }
sta->last_seq_ctrl = seq_ctrl; sta->last_seq_ctrl = seq_ctrl;
sta->last_subtype = WLAN_FC_STYPE_AUTH; sta->last_subtype = WLAN_FC_STYPE_AUTH;
#ifdef CONFIG_MBO
sta->auth_rssi = rssi;
#endif /* CONFIG_MBO */
res = ieee802_11_set_radius_info( res = ieee802_11_set_radius_info(
hapd, sta, res, session_timeout, acct_interim_interval, hapd, sta, res, session_timeout, acct_interim_interval,
@ -3524,7 +3528,9 @@ static void handle_assoc(struct hostapd_data *hapd,
} }
if (hapd->iconf->rssi_reject_assoc_rssi && rssi && if (hapd->iconf->rssi_reject_assoc_rssi && rssi &&
rssi < hapd->iconf->rssi_reject_assoc_rssi) { rssi < hapd->iconf->rssi_reject_assoc_rssi &&
(sta->auth_rssi == 0 ||
sta->auth_rssi < hapd->iconf->rssi_reject_assoc_rssi)) {
resp = WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS; resp = WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS;
goto fail; goto fail;
} }
@ -4166,7 +4172,7 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
switch (stype) { switch (stype) {
case WLAN_FC_STYPE_AUTH: case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth"); wpa_printf(MSG_DEBUG, "mgmt::auth");
handle_auth(hapd, mgmt, len); handle_auth(hapd, mgmt, len, ssi_signal);
ret = 1; ret = 1;
break; break;
case WLAN_FC_STYPE_ASSOC_REQ: case WLAN_FC_STYPE_ASSOC_REQ:

View file

@ -217,6 +217,7 @@ struct sta_info {
u8 cell_capa; /* 0 = unknown (not an MBO STA); otherwise, u8 cell_capa; /* 0 = unknown (not an MBO STA); otherwise,
* enum mbo_cellular_capa values */ * enum mbo_cellular_capa values */
struct mbo_non_pref_chan_info *non_pref_chan; struct mbo_non_pref_chan_info *non_pref_chan;
int auth_rssi; /* Last Authentication frame RSSI */
#endif /* CONFIG_MBO */ #endif /* CONFIG_MBO */
u8 *supp_op_classes; /* Supported Operating Classes element, if u8 *supp_op_classes; /* Supported Operating Classes element, if