From patchwork Mon Oct 4 21:47:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Bauer X-Patchwork-Id: 1536389 X-Patchwork-Delegate: mail@david-bauer.net Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=Vu34lacY; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HNZGP6Zblz9t0G for ; Tue, 5 Oct 2021 08:53:17 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To :From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=UT8qBMH1bSPRzYxSlBKN9XWhD9oevDH186C0s2n1cmE=; b=Vu34lacYdNjT56 a+/MGLDUk/XW4KEg7RTbMSRNJ/Ye9tsxoTYJGkJAOpRX7NlgK3TdVVBo9k+SsQM7NYzSvxX+SplC8 jnthLg+Rv3jsG3pcDCGDuuPif2YB+lMKYB0CF+kYbLPFATVHKwXr98ANJVB2tf84lp27PU1cCpxPS GQ90eBlIbetFQLqqamLcPy89IEu0xsZFfY3cMh2GIbh6sYdMitzIxRY6ycm28KgR7oeN/Pb31EftQ JwBDkUyUBsCqZ33CzhFeCOsPObGBZSsgHh6twwP0tMFAeCd9J5yIFGj7SbAnuvzxBW73PovYylSXF WzirJ+sp7dH4K/G+fJWA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mXVoA-008CYJ-Fs; Mon, 04 Oct 2021 21:47:38 +0000 Received: from perseus.uberspace.de ([95.143.172.134]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mXVo4-008CXq-O2 for openwrt-devel@lists.openwrt.org; Mon, 04 Oct 2021 21:47:35 +0000 Received: (qmail 6557 invoked from network); 4 Oct 2021 21:47:22 -0000 Received: from localhost (HELO localhost) (127.0.0.1) by perseus.uberspace.de with SMTP; 4 Oct 2021 21:47:22 -0000 From: David Bauer To: openwrt-devel@lists.openwrt.org Subject: [PATCH usteer] policy: avoid creating kick loop for client Date: Mon, 4 Oct 2021 23:47:15 +0200 Message-Id: <20211004214715.748719-1-mail@david-bauer.net> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211004_144733_275873_548F54A3 X-CRM114-Status: GOOD ( 11.36 ) X-Spam-Score: -0.7 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: When checking whether a client is allowed to associate to a node, the lower ceiling for kicking clients was not taken into account when assoc-steering is disabled. The problem behind this is, that a configured lower barrier for disassociating clients (kicking) would kick the client immediatly after association. In the worst scenario the client immediatly associa [...] Content analysis details: (-0.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [95.143.172.134 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org When checking whether a client is allowed to associate to a node, the lower ceiling for kicking clients was not taken into account when assoc-steering is disabled. The problem behind this is, that a configured lower barrier for disassociating clients (kicking) would kick the client immediatly after association. In the worst scenario the client immediatly associates again to the station and ends up in a kick loop. Don't allow associating when a min_snr is configured and the client signal is below this value. Signed-off-by: David Bauer --- policy.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/policy.c b/policy.c index c1a992f..91ff613 100644 --- a/policy.c +++ b/policy.c @@ -155,8 +155,22 @@ usteer_check_request(struct sta_info *si, enum usteer_event_type type) if (type == EVENT_TYPE_AUTH) goto out; - if (type == EVENT_TYPE_ASSOC && !config.assoc_steering) - goto out; + if (type == EVENT_TYPE_ASSOC) { + /* Check if assoc request has lower signal than min_signal. + * If this is the case, block assoc even when assoc steering is enabled. + * + * Otherwise, the client potentially ends up in a assoc - kick loop. + */ + if (config.min_snr && si->signal < snr_to_signal(si->node, config.min_snr)) { + ev.reason = UEV_REASON_LOW_SIGNAL; + ev.threshold.cur = si->signal; + ev.threshold.ref = min_signal; + ret = false; + goto out; + } else if (!config.assoc_steering) { + goto out; + } + } min_signal = snr_to_signal(si->node, config.min_connect_snr); if (si->signal < min_signal) {