[PATCH 1/1] Avoid double invocation of wpa_driver_nl80211_sta_remove function from ap_sta_disconnect context.
Jithu Jance
jithujance at gmail.com
Tue Dec 6 10:13:36 PST 2016
Hi Jouni,
On 6 December 2016 at 21:51, Jouni Malinen <j at w1.fi> wrote:
>
> The following changes should take care of this for the case where the
> STA deauthenticates immediately after EAP-Failure (which is the normal
> wpa_supplicant behavior). It might still be possible to see two
> Deauthentication frames if the STA happens to send it exactly in 10 ms
> after EAP-Failure.
Thanks a lot for the patch. This should improve the second deauth
scenario apart from the border line case.
> AP (and the complexity of avoiding this exact 10 ms case is
> significantly higher due to having to do something in kernel and/or even
> hardware TX queues to cancel transmission).
Agree. The border line case fix might require patches in firmware, kernel to
keep the state machines in sync and still ignore the deauth.
Considering, the complexities involved, I think this patch is a good trade off.
Thanks,
- Jithu Jance
- Jithu Jance
+91 9886639940
On 6 December 2016 at 21:51, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Sep 20, 2016 at 05:59:00PM +0530, Jithu Jance wrote:
>> Yes. For STA devices supporting firmware roam, the first deauth clears
>> the assoc and kicks the
>> firmware to scan and search for similar profile networks. Now the
>> second deauth from AP/GO
>> pre-empts the join process. For e.g In P2P case, the deauth following
>> WPS EAP-FAIL will cause the P2P GC
>> to disassociate. Now for cases, where GC tries to connect back
>> immediately, the P2P GO would have moved
>> to authenticated state internally and the second deauth from
>> supplicant pre-empts this join process.
>>
>> Do you see any other solution to avoid this second deauth?
>
> The following changes should take care of this for the case where the
> STA deauthenticates immediately after EAP-Failure (which is the normal
> wpa_supplicant behavior). It might still be possible to see two
> Deauthentication frames if the STA happens to send it exactly in 10 ms
> after EAP-Failure. I'm not sure this would be something that we would
> need to care about since the likelihood of that is significantly smaller
> than the likelihood for this sequence in the past when any 0..10 ms time
> would have resulted in the unexpected Deauthentication frame from the
> AP (and the complexity of avoiding this exact 10 ms case is
> significantly higher due to having to do something in kernel and/or even
> hardware TX queues to cancel transmission).
>
>
> [PATCH] Use eloop timeout for post-EAP-Failure wait before disconnection
>
> Previously, os_sleep() was used to block the hostapd (or wpa_supplicant
> AP/P2P GO mode) processing between sending out EAP-Failure and
> disconnecting the STA. This is not ideal for couple of reasons: it
> blocks all other parallel operations in the process and it leaves a
> window during which the station might deauthenticate and the AP would
> have no option for reacting to that before forcing out its own
> Deauthentication frame which could go out after the STA has already
> started new connection attempt.
>
> Improve this design by scheduling an eloop timeout of 10 ms instead of
> the os_sleep() call and perform the delayed operations from the eloop
> callback function. This eloop timeout is cancelled if the STA
> disconnects or initiates a new connection attempt before the 10 ms time
> is reached. This gets rid of the confusing extra Deauthentication frame
> in cases where the STA reacts to EAP-Failure by an immediate
> deauthentication.
>
> Signed-off-by: Jouni Malinen <j at w1.fi>
> ---
> src/ap/ieee802_1x.c | 11 +----------
> src/ap/sta_info.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
> src/ap/sta_info.h | 2 ++
> 3 files changed, 45 insertions(+), 11 deletions(-)
>
> diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
> index 7ac337d..f3b04e2 100644
> --- a/src/ap/ieee802_1x.c
> +++ b/src/ap/ieee802_1x.c
> @@ -2737,15 +2737,6 @@ static void ieee802_1x_finished(struct hostapd_data *hapd,
> * EAP-FAST with anonymous provisioning, may require another
> * EAPOL authentication to be started to complete connection.
> */
> - wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "IEEE 802.1X: Force "
> - "disconnection after EAP-Failure");
> - /* Add a small sleep to increase likelihood of previously
> - * requested EAP-Failure TX getting out before this should the
> - * driver reorder operations.
> - */
> - os_sleep(0, 10000);
> - ap_sta_disconnect(hapd, sta, sta->addr,
> - WLAN_REASON_IEEE_802_1X_AUTH_FAILED);
> - hostapd_wps_eap_completed(hapd);
> + ap_sta_delayed_1x_auth_fail_disconnect(hapd, sta);
> }
> }
> diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
> index f12d408..63165c6 100644
> --- a/src/ap/sta_info.c
> +++ b/src/ap/sta_info.c
> @@ -1,6 +1,6 @@
> /*
> * hostapd / Station table
> - * Copyright (c) 2002-2013, Jouni Malinen <j at w1.fi>
> + * Copyright (c) 2002-2016, Jouni Malinen <j at w1.fi>
> *
> * This software may be distributed under the terms of the BSD license.
> * See README for more details.
> @@ -36,6 +36,7 @@
> #include "ndisc_snoop.h"
> #include "sta_info.h"
> #include "vlan.h"
> +#include "wps_hostapd.h"
>
> static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
> struct sta_info *sta);
> @@ -47,6 +48,7 @@ static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
> static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
> #endif /* CONFIG_IEEE80211W */
> static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
> +static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx);
>
> int ap_for_each_sta(struct hostapd_data *hapd,
> int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
> @@ -1275,6 +1277,11 @@ void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
> "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
> MACSTR,
> hapd->conf->iface, MAC2STR(sta->addr));
> + if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0)
> + wpa_printf(MSG_DEBUG,
> + "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for "
> + MACSTR,
> + hapd->conf->iface, MAC2STR(sta->addr));
> }
>
>
> @@ -1309,3 +1316,37 @@ int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
>
> return res;
> }
> +
> +
> +static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
> +{
> + struct hostapd_data *hapd = eloop_ctx;
> + struct sta_info *sta = timeout_ctx;
> +
> + wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
> + "IEEE 802.1X: Scheduled disconnection of " MACSTR
> + " after EAP-Failure", MAC2STR(sta->addr));
> +
> + ap_sta_disconnect(hapd, sta, sta->addr,
> + WLAN_REASON_IEEE_802_1X_AUTH_FAILED);
> + if (sta->flags & WLAN_STA_WPS)
> + hostapd_wps_eap_completed(hapd);
> +}
> +
> +
> +void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
> + struct sta_info *sta)
> +{
> + wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
> + "IEEE 802.1X: Force disconnection of " MACSTR
> + " after EAP-Failure in 10 ms", MAC2STR(sta->addr));
> +
> + /*
> + * Add a small sleep to increase likelihood of previously requested
> + * EAP-Failure TX getting out before this should the driver reorder
> + * operations.
> + */
> + eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
> + eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb,
> + hapd, sta);
> +}
> diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
> index a416337..fa7378c 100644
> --- a/src/ap/sta_info.h
> +++ b/src/ap/sta_info.h
> @@ -296,5 +296,7 @@ void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
> struct sta_info *sta);
>
> int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen);
> +void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
> + struct sta_info *sta);
>
> #endif /* STA_INFO_H */
> --
> 1.9.1
>
>
> --
> Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list