Remove VLAN interface on STA free
Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
parent
de31fb052c
commit
c8e6beabb6
4 changed files with 37 additions and 25 deletions
|
@ -1108,8 +1108,6 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
|
|||
|
||||
pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
|
||||
if (pmksa) {
|
||||
int old_vlanid;
|
||||
|
||||
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
|
||||
HOSTAPD_LEVEL_DEBUG,
|
||||
"PMK from PMKSA cache - skip IEEE 802.1X/EAP");
|
||||
|
@ -1123,11 +1121,8 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
|
|||
sta->eapol_sm->authFail = FALSE;
|
||||
if (sta->eapol_sm->eap)
|
||||
eap_sm_notify_cached(sta->eapol_sm->eap);
|
||||
old_vlanid = sta->vlan_id;
|
||||
pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm);
|
||||
if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
|
||||
sta->vlan_id = 0;
|
||||
ap_sta_bind_vlan(hapd, sta, old_vlanid);
|
||||
ap_sta_bind_vlan(hapd, sta);
|
||||
} else {
|
||||
if (reassoc) {
|
||||
/*
|
||||
|
@ -1590,7 +1585,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
|
|||
struct hostapd_data *hapd = data;
|
||||
struct sta_info *sta;
|
||||
u32 session_timeout = 0, termination_action, acct_interim_interval;
|
||||
int session_timeout_set, old_vlanid = 0, vlan_id = 0;
|
||||
int session_timeout_set, vlan_id = 0;
|
||||
struct eapol_state_machine *sm;
|
||||
int override_eapReq = 0;
|
||||
struct radius_hdr *hdr = radius_msg_get_hdr(msg);
|
||||
|
@ -1687,10 +1682,9 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
|
|||
}
|
||||
#endif /* CONFIG_NO_VLAN */
|
||||
|
||||
old_vlanid = sta->vlan_id;
|
||||
sta->vlan_id = vlan_id;
|
||||
if ((sta->flags & WLAN_STA_ASSOC) &&
|
||||
ap_sta_bind_vlan(hapd, sta, old_vlanid) < 0)
|
||||
ap_sta_bind_vlan(hapd, sta) < 0)
|
||||
break;
|
||||
|
||||
sta->session_timeout_set = !!session_timeout_set;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue