[PATCH] hostapd:Avoid disassociation getting in to a loop by moving

Wed Jul 5 09:16:42 PDT 2017

From: dheerajkm <dheeraj.km at globaledgesoft.com>

Hi,

We were hitting a corner case, where STA's connectivity state machine
was getting into a loop of sending disassociation, for previously
disassociating STA when no ACK is received for Association Response for
Association being tried within ap_handle_timer timeout(AP_DEAUTH_DELAY)

Scenario explained:
1) Associated STA has sent Disassociation frame.
   During reception of Disassociation from STA, in handle_disassoc(),
   sta->timeout_next sets to STA_DEAUTH(0x2) and registers a
   ap_handle_timer for AP_DEAUTH_DELAY(1 sec).
2) STA made Association attempt immediately within ap_handle_timer
   expires/timeout and in handle_assoc() the sta->timeout_next set
   to STA_NULLFUNC.
3) AP has replied with Assoc Response but there was
   no acknowledgement received by AP.
4) During the expiry of ap_handle_timer, as sta->timeout_next
   is STA_NULLFUNC(0x0), sends disassoc to STA and updates
   sta->timeout_next to to STA_DISASSOC(0x1) and ap_handle_timer
   gets registers for AP_DISASSOC_DELAY(1 sec).
5) Once ap_handle_timer timeouts(AP_DISASSOC_DELAY),
   sends disassoc to STA and updates sta->timeout_next to STA_DEAUTH(0x2)
   and ap_handle_timer gets registers for AP_DEAUTH_DELAY(1 sec).
6) Once ap_handle_timer timeouts(AP_DEAUTH_DELAY),
   sends deauth to STA and STA context cleaned up by calling ap_free_sta().

Here, the Disassociation being tried for twice and Deauth tried once.

To Fix this issue, sta->timeout_next = STA_NULLFUNC
is moved from handle_assoc() to hostapd_new_assoc_sta().

Due to this change, sta->timeout_next is set to STA_NULLFUNC
only when Ack is received for the Association Response sent out.
So if ACK is not received within AP_DEAUTH_DELAY, STA is deauthenticated
and STA context is cleaned up. Due to which there needs to be a
new session started by STA with AUTH Req.

Thanks,
Dheeraj K M

 src/ap/hostapd.c    | 4 ++++
 src/ap/ieee802_11.c | 4 ----
 2 files changed, 4 insertions(+), 4 deletions(-)

-- 
1.9.1

Disclaimer:- The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. The views expressed in this E-mail message (including the enclosure/(s) or attachment/(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of GlobalEdge. Before opening any mail and attachments please check them for viruses .GlobalEdge does not accept any liability for virus infected mails.