package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch

   1 From 6588f712220797c69dbd019daa19b82a50d92782 Mon Sep 17 00:00:00 2001
   2 From: Jouni Malinen <j@w1.fi>
   3 Date: Sun, 14 Oct 2018 19:57:22 +0300
   4 Subject: Reduce undesired logging of ACL rejection events from AP mode
   5
   6 When Probe Request frame handling was extended to use MAC ACL through
   7 ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
   8 <addr> not allowed to authenticate") from that function ended up getting
   9 printed even for Probe Request frames. That was not by design and it can
  10 result in excessive logging and MSG_INFO level if MAC ACL is used.
  11
  12 Fix this by printing this log entry only for authentication and
  13 association frames. In addition, drop the priority of that log entry to
  14 MSG_DEBUG since this is not really an unexpected behavior in most MAC
  15 ACL use cases.
  16
  17 Fixes: 92eb00aec2a0 ("Extend ACL check for Probe Request frames")
  18 Signed-off-by: Jouni Malinen <j@w1.fi>
  19 ---
  20  src/ap/ieee802_11.c | 8 +++++---
  21  1 file changed, 5 insertions(+), 3 deletions(-)
  22
  23 --- a/src/ap/ieee802_11.c
  24 +++ b/src/ap/ieee802_11.c
  25 @@ -1636,9 +1636,11 @@ ieee802_11_allowed_address(struct hostap
  26                                       is_probe_req);
  27
  28         if (res == HOSTAPD_ACL_REJECT) {
  29 -               wpa_printf(MSG_INFO,
  30 -                          "Station " MACSTR " not allowed to authenticate",
  31 -                          MAC2STR(addr));
  32 +               if (!is_probe_req)
  33 +                       wpa_printf(MSG_DEBUG,
  34 +                                  "Station " MACSTR
  35 +                                  " not allowed to authenticate",
  36 +                                  MAC2STR(addr));
  37                 return HOSTAPD_ACL_REJECT;
  38         }
  39