From: Jouni Malinen <j@w1.fi>
Date: Sun, 14 Oct 2018 16:57:22 +0000 (+0300)
Subject: Reduce undesired logging of ACL rejection events from AP mode
X-Git-Tag: hostap_2_7~137
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6588f712220797c69dbd019daa19b82a50d92782;p=thirdparty%2Fhostap.git

Reduce undesired logging of ACL rejection events from AP mode

When Probe Request frame handling was extended to use MAC ACL through
ieee802_11_allowed_address(), the MSG_INFO level log print ("Station
<addr> not allowed to authenticate") from that function ended up getting
printed even for Probe Request frames. That was not by design and it can
result in excessive logging and MSG_INFO level if MAC ACL is used.

Fix this by printing this log entry only for authentication and
association frames. In addition, drop the priority of that log entry to
MSG_DEBUG since this is not really an unexpected behavior in most MAC
ACL use cases.

Fixes: 92eb00aec2a0 ("Extend ACL check for Probe Request frames")
Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index d8b34fa52..00ff11694 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1665,9 +1665,11 @@ ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
 				      is_probe_req);
 
 	if (res == HOSTAPD_ACL_REJECT) {
-		wpa_printf(MSG_INFO,
-			   "Station " MACSTR " not allowed to authenticate",
-			   MAC2STR(addr));
+		if (!is_probe_req)
+			wpa_printf(MSG_DEBUG,
+				   "Station " MACSTR
+				   " not allowed to authenticate",
+				   MAC2STR(addr));
 		return HOSTAPD_ACL_REJECT;
 	}