Fix STA re-bind to another VLAN on reauthentication

Previously, the old VLAN ID could have been deleted before the STA was
bound to the new VLAN in case the RADIUS server changed the VLAN ID
during an association. This did not exactly work well with mac80211, so
reorder the operations in a way that first binds the STA to the new VLAN
ID and only after that, removes the old VLAN interface if no STAs remain
in it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-01-30 01:09:51 +02:00 committed by Jouni Malinen
parent 4437f8fc77
commit 2dd4f3aede

View file

@ -781,13 +781,6 @@ int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
if (sta->vlan_id == old_vlanid) if (sta->vlan_id == old_vlanid)
return 0; return 0;
/*
* During 1x reauth, if the vlan id changes, then remove the old id and
* proceed furthur to add the new one.
*/
if (old_vlanid > 0)
vlan_remove_dynamic(hapd, old_vlanid);
iface = hapd->conf->iface; iface = hapd->conf->iface;
if (sta->ssid->vlan[0]) if (sta->ssid->vlan[0])
iface = sta->ssid->vlan; iface = sta->ssid->vlan;
@ -815,7 +808,8 @@ int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
HOSTAPD_LEVEL_DEBUG, "could not find VLAN for " HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
"binding station to (vlan_id=%d)", "binding station to (vlan_id=%d)",
sta->vlan_id); sta->vlan_id);
return -1; ret = -1;
goto done;
} else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) { } else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) {
vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id); vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id);
if (vlan == NULL) { if (vlan == NULL) {
@ -824,7 +818,8 @@ int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
HOSTAPD_LEVEL_DEBUG, "could not add " HOSTAPD_LEVEL_DEBUG, "could not add "
"dynamic VLAN interface for vlan_id=%d", "dynamic VLAN interface for vlan_id=%d",
sta->vlan_id); sta->vlan_id);
return -1; ret = -1;
goto done;
} }
iface = vlan->ifname; iface = vlan->ifname;
@ -878,6 +873,12 @@ int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
HOSTAPD_LEVEL_DEBUG, "could not bind the STA " HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
"entry to vlan_id=%d", sta->vlan_id); "entry to vlan_id=%d", sta->vlan_id);
} }
done:
/* During 1x reauth, if the vlan id changes, then remove the old id. */
if (old_vlanid > 0)
vlan_remove_dynamic(hapd, old_vlanid);
return ret; return ret;
#else /* CONFIG_NO_VLAN */ #else /* CONFIG_NO_VLAN */
return 0; return 0;