PacketFence - BTS - PacketFence
View Issue Details
0000890PacketFencepublic2010-01-13 17:352011-05-04 11:51
obilodeau 
obilodeau 
normalminoralways
closedno change required 
 
2.0.11.8.7 
0000890: we need local deassociate / dot11deAuthenticate traps for registration / isolation to work properly on wireless
after all, we need local deassociate / dot11deAuthenticate traps for registration / isolation to work properly on wireless

we just disabled them in 0000880 because of problems that some of these traps caused.

We will allow them if the switch ip is 127.0.0.1 and disallow them otherwise.
No tags attached.
related to 0000880closed obilodeau wireless deauthentication traps cause more problems than they solve 
Issue History
2010-01-13 17:35obilodeauNew Issue
2010-01-13 17:35obilodeauStatusnew => assigned
2010-01-13 17:35obilodeauAssigned To => obilodeau
2010-01-13 17:35obilodeauRelationship addedrelated to 0000880
2010-01-13 17:36obilodeauNote Added: 0001454
2010-01-13 17:58obilodeauNote Added: 0001455
2010-01-13 17:58obilodeauResolutionopen => unable to reproduce
2010-05-05 14:09obilodeauNote Added: 0001553
2010-05-05 14:09obilodeauCategory1.8.7 => regression
2010-05-05 14:09obilodeauTarget Version => 1.9.1
2010-09-15 13:14obilodeauNote Added: 0001665
2010-09-22 16:05obilodeauTarget Version1.9.1 => 1.9.2
2010-11-19 14:24obilodeauTarget Version1.9.2 => 2.0.0
2011-01-18 15:07obilodeauTarget Version2.0.0 => 2.0.1
2011-01-18 15:19obilodeauNote Added: 0001819
2011-01-18 15:19obilodeauStatusassigned => resolved
2011-01-18 15:19obilodeauFixed in Version => 1.8.7
2011-01-18 15:19obilodeauResolutionunable to reproduce => no change required
2011-05-04 11:51obilodeauStatusresolved => closed

Notes
(0001454)
obilodeau   
2010-01-13 17:36   
if you are bitten by this, right now you can apply the following patch until we do a release:

#
# old_revision [0ec2fb1de198850e403ac44ebae47a7f206ee51c]
#
# patch "pf/lib/pf/vlan.pm"
#  from [804c8a96848f4ba25c0dd8f86fbaa12854714ba5]
#    to [7543ef21e77148ed2d91512a41da2e794dfdff57]
#
============================================================
--- pf/lib/pf/vlan.pm	804c8a96848f4ba25c0dd8f86fbaa12854714ba5
+++ pf/lib/pf/vlan.pm	7543ef21e77148ed2d91512a41da2e794dfdff57
@@ -142,9 +142,13 @@ sub custom_doWeActOnThisTrap {
         return 1;
     }
     if ( $trapType eq 'dot11Deauthentication' ) {
-        # we no longer act on dot11Deauth traps see bug 0000880
-        # http://www.packetfence.org/mantis/view.php?id=880 [^]
-        return 0;
+        if ($switch->{_ip} eq '127.0.0.1') {
+            return 1;
+        } else {
+            # we no longer act on non-local dot11Deauth traps see bug 0000880
+            # http://www.packetfence.org/mantis/view.php?id=880 [^]
+            return 0;
+        }
     }
 
     my $ifType = $switch->getIfType($ifIndex);
(0001455)
obilodeau   
2010-01-13 17:58   
I need to do more testing to confirm this one, the code path is impossible to reach. I added more logging and i'll retest before confirming this is actually a bug.
(0001553)
obilodeau   
2010-05-05 14:09   
We will try to look at it for 1.9.1.
(0001665)
obilodeau   
2010-09-15 13:14   
Reminder sent to: rbalzard

I'm confused by this one. We will need to look at it and talk about it together.
(0001819)
obilodeau   
2011-01-18 15:19   
dot11Deauthenticate traps are not required for proper isolation, only for proper locationlog management.

dot11Deauthenticate traps should never be sent by 127.0.0.1 so this fix is irrelevant.

deAssociate traps are sent from 127.0.0.1 and we should act upon them which the code currently does.