mac80211: fix deauth before assoc

When we receive a deauthentication frame before having successfully associated, we neither print a message nor abort assocation. The former makes it hard to debug, while the latter later causes a warning in cfg80211 when, as will typically be the case, association timed out. This warning was reported by many, e.g. in https://bugzilla.kernel.org/show_bug.cgi?id=15981, but I couldn't initially pinpoint it. I verified the fix by hacking hostapd to send a deauth frame instead of an association response. Cc: stable@kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> Tested-by: Miles Lane <miles.lane@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Johannes Berg <johannes.berg@intel.com> 2010-06-07 15:50:07 -0400
committer: John W. Linville <linville@tuxdriver.com> 2010-06-08 14:41:54 -0400
commit: b054b747a694927879c94dd11af54d04346aed7d (patch)
tree: 91651e415fde622e53551286dd57279a4661e7cf
parent: 6db6340c42d027b6364d49fa99d69019aca24de4 (diff)
1 files changed, 38 insertions, 2 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 3310e70aa52f..f803f8b72a93 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1760,9 +1760,45 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
        mutex_unlock(&ifmgd->mtx);
        if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&
-            (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH)
+            (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH) {
-                cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
+                struct ieee80211_local *local = sdata->local;
+                struct ieee80211_work *wk;
+                mutex_lock(&local->work_mtx);
+                list_for_each_entry(wk, &local->work_list, list) {
+                        if (wk->sdata != sdata)
+                                continue;
+                        if (wk->type != IEEE80211_WORK_ASSOC)
+                                continue;
+                        if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN))
+                                continue;
+                        if (memcmp(mgmt->sa, wk->filter_ta, ETH_ALEN))
+                                continue;
+                        /*
+                         * Printing the message only here means we can't
+                         * spuriously print it, but it also means that it
+                         * won't be printed when the frame comes in before
+                         * we even tried to associate or in similar cases.
+                         *
+                         * Ultimately, I suspect cfg80211 should print the
+                         * messages instead.
+                         */
+                        printk(KERN_DEBUG
+                               "%s: deauthenticated from %pM (Reason: %u)\n",
+                               sdata->name, mgmt->bssid,
+                               le16_to_cpu(mgmt->u.deauth.reason_code));
+                        list_del_rcu(&wk->list);
+                        free_work(wk);
+                        break;
+                }
+                mutex_unlock(&local->work_mtx);
+                cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
+        }
 out:
        kfree_skb(skb);
 }
author	Johannes Berg <johannes.berg@intel.com>	2010-06-07 15:50:07 -0400
committer	John W. Linville <linville@tuxdriver.com>	2010-06-08 14:41:54 -0400
commit	b054b747a694927879c94dd11af54d04346aed7d (patch)
tree	91651e415fde622e53551286dd57279a4661e7cf
parent	6db6340c42d027b6364d49fa99d69019aca24de4 (diff)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 3310e70aa52f..f803f8b72a93 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c
@@ -1760,9 +1760,45 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1760	mutex_unlock(&ifmgd->mtx);	1760	mutex_unlock(&ifmgd->mtx);
1761		1761
1762	if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&	1762	if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&
1763	(fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH)	1763	(fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH) {
1764	cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);	1764	struct ieee80211_local *local = sdata->local;
		1765	struct ieee80211_work *wk;
		1766
		1767	mutex_lock(&local->work_mtx);
		1768	list_for_each_entry(wk, &local->work_list, list) {
		1769	if (wk->sdata != sdata)
		1770	continue;
		1771
		1772	if (wk->type != IEEE80211_WORK_ASSOC)
		1773	continue;
		1774
		1775	if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN))
		1776	continue;
		1777	if (memcmp(mgmt->sa, wk->filter_ta, ETH_ALEN))
		1778	continue;
1765		1779
		1780	/*
		1781	* Printing the message only here means we can't
		1782	* spuriously print it, but it also means that it
		1783	* won't be printed when the frame comes in before
		1784	* we even tried to associate or in similar cases.
		1785	*
		1786	* Ultimately, I suspect cfg80211 should print the
		1787	* messages instead.
		1788	*/
		1789	printk(KERN_DEBUG
		1790	"%s: deauthenticated from %pM (Reason: %u)\n",
		1791	sdata->name, mgmt->bssid,
		1792	le16_to_cpu(mgmt->u.deauth.reason_code));
		1793
		1794	list_del_rcu(&wk->list);
		1795	free_work(wk);
		1796	break;
		1797	}
		1798	mutex_unlock(&local->work_mtx);
		1799
		1800	cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
		1801	}
1766	out:	1802	out:
1767	kfree_skb(skb);	1803	kfree_skb(skb);
1768	}	1804	}