OCE: RSSI-based rejection to consider Authentication frames (AP)

Try to make RSSI-based rejection of associating stations a bit less
likely to trigger false rejections by considering RSSI from the last
received Authentication frame. Association is rejected only if both the
Authentication and (Re)Association Request frames are below the RSSI
threshold.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index d36430801d621661f281f572a9dc02538cc2363a..a3b5e99c8eca49afe3e58e2045ea8353a7c923a6 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1760,7 +1760,8 @@ ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
 
 
 static void handle_auth(struct hostapd_data *hapd,
-                       const struct ieee80211_mgmt *mgmt, size_t len)
+                       const struct ieee80211_mgmt *mgmt, size_t len,
+                       int rssi)
 {
        u16 auth_alg, auth_transaction, status_code;
        u16 resp = WLAN_STATUS_SUCCESS;
@@ -1990,6 +1991,9 @@ static void handle_auth(struct hostapd_data *hapd,
        }
        sta->last_seq_ctrl = seq_ctrl;
        sta->last_subtype = WLAN_FC_STYPE_AUTH;
+#ifdef CONFIG_MBO
+       sta->auth_rssi = rssi;
+#endif /* CONFIG_MBO */
 
        res = ieee802_11_set_radius_info(
                hapd, sta, res, session_timeout, acct_interim_interval,
@@ -3524,7 +3528,9 @@ static void handle_assoc(struct hostapd_data *hapd,
        }
 
        if (hapd->iconf->rssi_reject_assoc_rssi && rssi &&
-           rssi < hapd->iconf->rssi_reject_assoc_rssi) {
+           rssi < hapd->iconf->rssi_reject_assoc_rssi &&
+           (sta->auth_rssi == 0 ||
+            sta->auth_rssi < hapd->iconf->rssi_reject_assoc_rssi)) {
                resp = WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS;
                goto fail;
        }
@@ -4166,7 +4172,7 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
        switch (stype) {
        case WLAN_FC_STYPE_AUTH:
                wpa_printf(MSG_DEBUG, "mgmt::auth");
-               handle_auth(hapd, mgmt, len);
+               handle_auth(hapd, mgmt, len, ssi_signal);
                ret = 1;
                break;
        case WLAN_FC_STYPE_ASSOC_REQ:

diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index 211ef919fedd30a3d815c59a0967bef6291197bf..5c9bf57310dd97d8671d75e1fe267444b26e75be 100644 (file)
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -217,6 +217,7 @@ struct sta_info {
        u8 cell_capa; /* 0 = unknown (not an MBO STA); otherwise,
                       * enum mbo_cellular_capa values */
        struct mbo_non_pref_chan_info *non_pref_chan;
+       int auth_rssi; /* Last Authentication frame RSSI */
 #endif /* CONFIG_MBO */
 
        u8 *supp_op_classes; /* Supported Operating Classes element, if