[PATCH] Ignore "DEAUTH" messages from APs we are not associated to

Paul Stewart pstew
Wed Aug 4 12:08:55 PDT 2010


It depends on what effect you're looking for. :-)  This function sets
drv->associated to 0, meaning that before the patch, if we receive a
DEAUTH frame from anyone, we become disassociated from everyone.  This
includes the current SSID association, the previous one, wherever we
have pre-associated to as well as any random host that sends us a
deauth.  If you look at the implementation of wpa_supplicant_event()
in wpa_priv.c you'll also see that the bssid is disregarded there as
well for EVENT_DISASSOC.  I think bumping ourselves offline
should only happen if we were deauthed/disassociated from the AP that
we're currently online through.

--
Paul

On Tue, Aug 3, 2010 at 10:37 PM, Dan Williams <dcbw at redhat.com> wrote:
> On Fri, 2010-07-30 at 11:52 -0700, Paul Stewart wrote:
>> DEAUTH messages can come from a number of different sources. The one
>> that's hurting us currently is DEAUTH netlink messages coming to us
>> from compat-wireless in response to local_state_change DEAUTH messages
>> we sent as a part of cleaning up state in driver_nl80211's
>> clear_state_mismatch() function. However, DEAUTH messages can come
>> from a variety of unwanted sources, including directed denial-of-service
>> attacks (although MAC verification doesn't place that high a barrier),
>> so this validation is actually generically useful, I think.
>>
>> The downside to this method is that without a kernel based approach
>> "iw dev wlan0 link" no longer works correctly after clear_state_mismatch()
>> is done.  This will be pursued with the kernel folks.
>
> Does this patch have any effect on APs that we may have
> pre-authenticated to that decide to drop us for some reason?  I have no
> idea, but just a thought.
>
> Dan
>
>>
>>
>> diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
>> index a1233274cadf2262bcbcc181be01974217bd3394..d13f3138d310843df8cc05db81837af2f840e7e4
>> 100644
>> --- a/src/drivers/driver_nl80211.c
>> +++ b/src/drivers/driver_nl80211.c
>> @@ -702,12 +702,28 @@ static void mlme_event_deauth_disassoc(struct
>> wpa_driver_nl80211_data *drv,
>> ? ? ? const u8 *bssid = NULL;
>> ? ? ? u16 reason_code = 0;
>>
>> + ? ? mgmt = (const struct ieee80211_mgmt *) frame;
>> + ? ? if (len >= 24) {
>> + ? ? ? ? ? ? bssid = mgmt->bssid;
>> +
>> + ? ? ? ? ? ? if (drv->associated != 0 &&
>> + ? ? ? ? ? ? ? ? os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
>> + ? ? ? ? ? ? ? ? os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
>> + ? ? ? ? ? ? ? ? ? ? /*
>> + ? ? ? ? ? ? ? ? ? ? ?* We have presumably received this deauth as a
>> + ? ? ? ? ? ? ? ? ? ? ?* response to a clear_state_mismatch() outgoing
>> + ? ? ? ? ? ? ? ? ? ? ?* deauth. ?Don't let it take us offline!
>> + ? ? ? ? ? ? ? ? ? ? ?*/
>> + ? ? ? ? ? ? ? ? ? ? wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
>> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?"from Unknown BSSID " MACSTR " -- ignoring",
>> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?MAC2STR(bssid));
>> + ? ? ? ? ? ? ? ? ? ? return;
>> + ? ? ? ? ? ? }
>> + ? ? }
>> +
>> ? ? ? drv->associated = 0;
>> ? ? ? os_memset(&event, 0, sizeof(event));
>>
>> - ? ? mgmt = (const struct ieee80211_mgmt *) frame;
>> - ? ? if (len >= 24)
>> - ? ? ? ? ? ? bssid = mgmt->bssid;
>> ? ? ? /* Note: Same offset for Reason Code in both frame subtypes */
>> ? ? ? if (len >= 24 + sizeof(mgmt->u.deauth))
>> ? ? ? ? ? ? ? reason_code = le_to_host16(mgmt->u.deauth.reason_code);
>>
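Review bot: In the block added at the top of mlme_event_deauth_disassoc(), the BSSID filter only runs inside `if (len >= 24)`, so a frame shorter than 24 bytes leaves bssid NULL, skips the comparison and still reaches `drv->associated = 0`. If the intent is that only the AP we are associated or authenticating with can take us offline, return early for len < 24 as well, so the state is cleared only after a BSSID has been checked. Two smaller points: the function handles both deauth and disassoc frames (see its name and the "both frame subtypes" comment), but the debug message always says "Deauth received"; and the code comment attributes every dropped frame to clear_state_mismatch(), although the same check also drops frames from any other unknown BSSID, so more general wording would make the debug log easier to interpret. The filter is also skipped whenever drv->associated is 0; a line in the comment saying whether that is intended would help.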
>> --
>> Paul
>> _______________________________________________
>> HostAP mailing list
>> HostAP at lists.shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap