[PATCH v2] wpa_supplicant: Handle randomization changes for same ESS

Andrzej Ostruszka <amo@xxxxxxxxxxxx> · Thu, 15 Dec 2022 16:54:06 +0100

When MAC randomization settings change we should use new MAC address
even if we are associating to the same ESS.  For example consider this
scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.

In the last step the randomized address should be used.

Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.

Signed-off-by: Andrzej Ostruszka <amo@xxxxxxxxxxxx>
---
 wpa_supplicant/wpa_supplicant.c | 35 ++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 7849b4029..88ad14553 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2238,14 +2238,23 @@ int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style,
 
 	os_get_reltime(&now);
 	if (wpa_s->last_mac_addr_style == style &&
-	    /* Pregenerated addresses do not expire */
-	    wpa_s->last_mac_addr_style != 3 &&
-	    wpa_s->last_mac_addr_change.sec != 0 &&
-	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
-				wpa_s->conf->rand_addr_lifetime)) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Previously selected random MAC address has not yet expired");
-		return 0;
+	    /* Random addresses are valid within given ESS so do not check
+	     * expiration/value when changing ESS. */
+	    wpa_s->reassoc_same_ess) {
+		if (style != 3) {
+			if (wpa_s->last_mac_addr_change.sec != 0 &&
+			    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
+						wpa_s->conf->rand_addr_lifetime)) {
+				wpa_msg(wpa_s, MSG_DEBUG,
+					"Previously selected random MAC address has not yet expired");
+				return 0;
+			}
+		} else {
+			/* Pregenerated addresses do not expire but their value
+			 * might have changed, so let's check that. */
+			if (os_memcmp(wpa_s->own_addr, ssid->mac_value, ETH_ALEN) == 0)
+				return 0;
+		}
 	}
 
 	switch (style) {
@@ -2289,7 +2298,7 @@ int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style,
 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
 		MAC2STR(addr));
 
-	return 0;
+	return 1;
 }
 
 
@@ -2436,10 +2445,12 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
 	wpa_s_setup_sae_pt(wpa_s->conf, ssid);
 #endif /* CONFIG_SAE */
 
-	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
-		if (wpas_update_random_addr(wpa_s, rand_style, ssid) < 0)
+	if (rand_style > 0) {
+		int status = wpas_update_random_addr(wpa_s, rand_style, ssid);
+		if (status < 0)
 			return;
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
+		if (status > 0) /* MAC changed */
+			wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
 	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
 		if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
 			return;
-- 
2.39.0.rc1.256.g54fd8350bd-goog


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






