1 files changed, 39 insertions, 0 deletions

diff --git a/package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch b/package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch
new file mode 100644
index 0000000000..3fc80a01d7
--- /dev/null
+++ b/package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch
@@ -0,0 +1,39 @@
+From 6588f712220797c69dbd019daa19b82a50d92782 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 14 Oct 2018 19:57:22 +0300
+Subject: Reduce undesired logging of ACL rejection events from AP mode
+
+When Probe Request frame handling was extended to use MAC ACL through
+ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
+<addr> not allowed to authenticate") from that function ended up getting
+printed even for Probe Request frames. That was not by design and it can
+result in excessive logging and MSG_INFO level if MAC ACL is used.
+
+Fix this by printing this log entry only for authentication and
+association frames. In addition, drop the priority of that log entry to
+MSG_DEBUG since this is not really an unexpected behavior in most MAC
+ACL use cases.
+
+Fixes: 92eb00aec2a0 ("Extend ACL check for Probe Request frames")
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/ieee802_11.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1636,9 +1636,11 @@ ieee802_11_allowed_address(struct hostap
+ 				      is_probe_req);
+ 
+ 	if (res == HOSTAPD_ACL_REJECT) {
+-		wpa_printf(MSG_INFO,
+-			   "Station " MACSTR " not allowed to authenticate",
+-			   MAC2STR(addr));
++		if (!is_probe_req)
++			wpa_printf(MSG_DEBUG,
++				   "Station " MACSTR
++				   " not allowed to authenticate",
++				   MAC2STR(addr));
+ 		return HOSTAPD_ACL_REJECT;
+ 	}
+