How to deny Connection as AP

rsimpsonbusa
Posts: 131
Joined: Tue May 17, 2016 8:12 pm

How to deny Connection as AP

Postby rsimpsonbusa » Sun Jan 19, 2020 8:23 pm

Hi everybody.

Does anybody know a way to deny a connection to a STA when one is an AP? Event Handler tells one what is happening but one cannot decide to accept or deny an event. Is it possible?

Basically to have a whitelist of MACs and deny connection to AP programmatically.

Regards

rsimpsonbusa
Posts: 131
Joined: Tue May 17, 2016 8:12 pm

Re: How to deny Connection as AP

Postby rsimpsonbusa » Sat May 09, 2020 5:28 pm

I'll answer my own question.

esp_wifi_deauth_sta(ev->aid); in the event loop, get the aid (authorization id), with which you can call this routine at any time, and it closes the connection.

RSN

dparkinson
Posts: 7
Joined: Tue Aug 08, 2017 12:28 pm

Re: How to deny Connection as AP

Postby dparkinson » Wed Jun 10, 2020 7:01 pm

Did this work for you?
I tried to use esp_wifi_deauth_sta() to remove clients that matched a given mac address and ran into 2 major problems.

1. After calling esp_wifi_deauth_sta(), I get an error about 50% of the time and the program panics/aborts. It is usually a heap error. It usually occurs when the client that just got kicked off tries to reconnect before my ESP32 app even gets to the my_event_handler() callback. Here's an example of the output when it crashes.
  ...
  I (65037) wifi: n:5 0, o:5 0, ap:5 1, sta:255 255, prof:5
  I (65037) wifi: station: 12:34:56:78:9a:bc join, AID=1, n, 20
  D (65043) event: SYSTEM_EVENT_AP_STACONNECTED, mac:12:34:56:78:9a:bc, aid:1
  D (65043) my_event_handler: wifi event handler invoked
  D (65051) my_event_handler: New station connected to the AP.
  D (65055) my_event_handler: SYSTEM_EVENT_AP_STACONNECTED, mac:12:34:56:78:9a:bc, aid:1
  D (67627) DisconnectBlockedDevices: numConnectedDevices = 1
  D (67627) DisconnectBlockedDevices: Disconnecting station 0
  I (67627) wifi: station: 12:34:56:78:9a:bc leave, AID = 1
  D (67631) event: SYSTEM_EVENT_AP_STADISCONNECTED, mac:12:34:56:78:9a:bc, aid:1
  I (67633) wifi: n:5 0, o:5 0, ap:5 1, sta:255 255, prof:5
  I (67631) wifi: n:5 0, o:5 0, ap:5 1, sta:255 255, prof:5
  I (67645) wifi: station: 12:34:56:78:9a:bc join, AID=1, n, 20
  I (67655) wpa: del sm error 0
  CORRUPT HEAP: multi_heap.c:369 detected at 0x3ffe0b81
  abort() was called at PC 0x40088a24 on core 0
  ...
There should be a line after the disconnection that says
  my_event_handler: my_event_handler: A station disconnected from the AP.
but the ESP32 app doesn't get there before it crashes.

Here's an example when my ESP32 app does not crash when it tries to remove the client:
  ...
  I (53179) DisconnectAllDevices: blocking new mac:12:34:56:78:9a:bc, blockedIdx=0, same=0
  D (53179) DisconnectAllDevices: mac:12:34:56:78:9a:bc, blockedIdx=0, same=0, found=1
  I (53185) wifi: station: 12:34:56:78:9a:bc leave, AID = 1
  D (53189) event: SYSTEM_EVENT_AP_STADISCONNECTED, mac:12:34:56:78:9a:bc, aid:1
  I (53189) wifi: n:5 0, o:5 0, ap:5 1, sta:255 255, prof:5
  D (53197) my_event_handler: wifi event handler invoked
  D (53207) my_event_handler: A station disconnected from the AP.
  I (55733) wifi: n:5 0, o:5 0, ap:5 1, sta:255 255, prof:5
  I (55733) wifi: station: 12:34:56:78:9a:bc join, AID=1, n, 20
  D (55735) event: SYSTEM_EVENT_AP_STACONNECTED, mac:12:34:56:78:9a:bc, aid:1
  D (55739) my_event_handler: wifi event handler invoked
  D (55743) my_event_handler: New station connected to the AP.
  D (55749) my_event_handler: SYSTEM_EVENT_AP_STACONNECTED, mac:12:34:56:78:9a:bc, aid:1
  ...


2. The other issue is that the client still keeps re-connecting. The client may eventually give up, but I usually don't get that far because my ESP32 app crashes due to issue 1 above before the client has tried a bunch of times. Is there some way that the ESP32 can prevent the client from re-connecting? Or does my ESP32 app just have to keep calling esp_wifi_deauth_sta() and hope other clients can get access in the short times when the blocked client is not connected?

rsimpsonbusa
Posts: 131
Joined: Tue May 17, 2016 8:12 pm

Re: How to deny Connection as AP

Postby rsimpsonbusa » Sat Jun 13, 2020 9:36 pm

Hi.

I don't have panics or heap errors. I have very strict control of any structures or mallocs that the station was using. Also, the intention was to deny an external station from connecting at all, so I have a list of whitelisted MACs, and therefore when an AP_STA_CONNECT happens and the station is not in the whitelist, I deauthorize this station.

Regarding the second question, that is the client/caller's problem. It could try to connect forever and always be denied. DoS will not happen since the delay between calls is rather long (in ms).

If you have a working station inside your server and deauthorize it, all references to that connection are invalid, so sockets are to be closed, http_client, etc., anything connected to it.

RSN

dparkinson
Posts: 7
Joined: Tue Aug 08, 2017 12:28 pm

Re: How to deny Connection as AP

Postby dparkinson » Mon Jun 15, 2020 12:36 pm

rsimpsonbusa
Thanks for the reply.

As an experiment, I tried esp_wifi_deauth_sta() for all devices right in my_event_handler() for every device that tried to connect. It still kept crashing. I figured it should have deauth'd the station before traffic was established, but that didn't happen. Perhaps I'll try to esp_wifi_stop() immediately after esp_wifi_deauth_sta() to close any connections then esp_wifi_start() to open it back up? What would happen in that case if there is a legit station connected in the middle of some transaction?
