From 3e633bb3709611d79965fab667e3239fd3bde151 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 16 Oct 2018 12:11:20 +0200 Subject: hostapd: fix MAC filter related log spam Backport two upstream fixes to address overly verbose logging of MAC ACL rejection messages. Fixes: FS#1468 Signed-off-by: Jo-Philipp Wich --- ...Reduce-undesired-logging-of-ACL-rejection.patch | 39 ++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch (limited to 'package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch') diff --git a/package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch b/package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch new file mode 100644 index 0000000000..3fc80a01d7 --- /dev/null +++ b/package/network/services/hostapd/patches/000-0001-Reduce-undesired-logging-of-ACL-rejection.patch @@ -0,0 +1,39 @@ +From 6588f712220797c69dbd019daa19b82a50d92782 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sun, 14 Oct 2018 19:57:22 +0300 +Subject: Reduce undesired logging of ACL rejection events from AP mode + +When Probe Request frame handling was extended to use MAC ACL through +ieee802_11_allowed_address(), the MSG_INFO level log print ("Station + not allowed to authenticate") from that function ended up getting +printed even for Probe Request frames. That was not by design and it can +result in excessive logging and MSG_INFO level if MAC ACL is used. + +Fix this by printing this log entry only for authentication and +association frames. In addition, drop the priority of that log entry to +MSG_DEBUG since this is not really an unexpected behavior in most MAC +ACL use cases. + +Fixes: 92eb00aec2a0 ("Extend ACL check for Probe Request frames") +Signed-off-by: Jouni Malinen +--- + src/ap/ieee802_11.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -1636,9 +1636,11 @@ ieee802_11_allowed_address(struct hostap + is_probe_req); + + if (res == HOSTAPD_ACL_REJECT) { +- wpa_printf(MSG_INFO, +- "Station " MACSTR " not allowed to authenticate", +- MAC2STR(addr)); ++ if (!is_probe_req) ++ wpa_printf(MSG_DEBUG, ++ "Station " MACSTR ++ " not allowed to authenticate", ++ MAC2STR(addr)); + return HOSTAPD_ACL_REJECT; + } + -- cgit v1.2.3