FT: Fix hostapd_wpa_auth_oui_iter() iteration for multicast packets

When using FT wildcard feature, the inter-AP protocol will send
broadcast messages to discover related APs.

For example,
12/6 16:24:43 FT: Send PMK-R1 pull request to remote R0KH address
    ff:ff:ff:ff:ff:ff
12/6 16:24:43 FT: Send out sequence number request to
    ff:ff:ff:ff:ff:ff

If you have multiple interfaces/BSSs in a single hostapd process,
hostapd_wpa_auth_oui_iter() returned 1 after the first interface was
processed. Iteration in for_each_interface() will be stopped since it
gets a non-zero return value from hostapd_wpa_auth_oui_iter().

Even worse, the packet will not be sent to ethernet because
for_each_interface() returns non-zero value. hostapd_wpa_auth_send_oui()
will then return data_len immediately.

To prevent this, hostapd_wpa_auth_oui_iter() should not return 1 after
any successful transmission to other interfaces, if the dst_addr of
packet is a multicast address.

Signed-off-by: Jinglin Wang <bryanwang@synology.com>
Signed-off-by: MinHong Wang <minhongw@synology.com>

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 7fb0923e48bb4692722a61ee36ba43bf23bee387..49728a30768b0e3569adffe0adc8f6e949c264a3 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -748,7 +748,11 @@ static int hostapd_wpa_auth_oui_iter(struct hostapd_iface *iface, void *ctx)
                                               hostapd_oui_deliver_later,
                                               hapd, NULL);
 
-               return 1;
+               /* If dst_addr is a multicast address, do not return any
+                * non-zero value here. Otherwise, the iteration of
+                * for_each_interface() will be stopped. */
+               if (!is_multicast_ether_addr(idata->dst_addr))
+                       return 1;
        }
 
        return 0;