From: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> Date: Wed, 11 Sep 2019 15:06:03 +0200 > On Wed, 2019-09-11 at 16:03 +0300, Jouni Malinen wrote: >> The Layer 2 Update frame is used to update bridges when a station roams >> to another AP even if that STA does not transmit any frames after the >> reassociation. This behavior was described in IEEE Std 802.11F-2003 as >> something that would happen based on MLME-ASSOCIATE.indication, i.e., >> before completing 4-way handshake. However, this IEEE trial-use >> recommended practice document was published before RSN (IEEE Std >> 802.11i-2004) and as such, did not consider RSN use cases. Furthermore, >> IEEE Std 802.11F-2003 was withdrawn in 2006 and as such, has not been >> maintained amd should not be used anymore. >> >> Sending out the Layer 2 Update frame immediately after association is >> fine for open networks (and also when using SAE, FT protocol, or FILS >> authentication when the station is actually authenticated by the time >> association completes). However, it is not appropriate for cases where >> RSN is used with PSK or EAP authentication since the station is actually >> fully authenticated only once the 4-way handshake completes after >> authentication and attackers might be able to use the unauthenticated >> triggering of Layer 2 Update frame transmission to disrupt bridge >> behavior. >> >> Fix this by postponing transmission of the Layer 2 Update frame from >> station entry addition to the point when the station entry is marked >> authorized. Similarly, send out the VLAN binding update only if the STA >> entry has already been authorized. > > Reviewed-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> > > Dave, if you were still planning to send a pull request to Linus before > he closes the tree on Sunday this would be good to include (and we > should also backport it to stable later). > > If not, I can pick it up afterwards, let me know. Ok I applied this directly, thanks.
