authorPaul Stewart <pstew@google.com>2010-08-16 18:27:26 (GMT)
committerJouni Malinen <j@w1.fi>2010-09-05 14:28:59 (GMT)
commitac8c05ca76636c112ba793c2603af5b7de9a1dd4 (patch)
treedf1f8c3b6fc1ec0c2b88c0b0341d4d13d13a79e7
parent56f62c8d97920cb202206325c6068126e07933a7 (diff)
downloadhostap-07-ac8c05ca76636c112ba793c2603af5b7de9a1dd4.zip
hostap-07-ac8c05ca76636c112ba793c2603af5b7de9a1dd4.tar.gz
hostap-07-ac8c05ca76636c112ba793c2603af5b7de9a1dd4.tar.bz2
nl80211: Ignore "DEAUTH" messages from APs we are not associated to
DEAUTH messages can come from a number of different sources. The one that's hurting us currently is DEAUTH netlink messages coming to us from compat-wireless in response to local_state_change DEAUTH messages we sent as a part of cleaning up state in driver_nl80211's clear_state_mismatch() function. However, DEAUTH messages can come from a variety of unwanted sources, including directed denial-of-service attacks (although MAC verification doesn't place that high a barrier), so this validation is actually generically useful, I think. The downside to this method is that without a kernel based approach "iw dev wlan0 link" no longer works correctly after clear_state_mismatch() is done. This will be pursued with the kernel folks. (cherry picked from commit cb30b297bd79ac82d9cbb192dc90b783974750cd)
-rw-r--r--src/drivers/driver_nl80211.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 68a43c6..72c1569 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -701,12 +701,28 @@ static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
const u8 *bssid = NULL;
u16 reason_code = 0;
+ mgmt = (const struct ieee80211_mgmt *) frame;
+ if (len >= 24) {
+ bssid = mgmt->bssid;
+
+ if (drv->associated != 0 &&
+ os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
+ os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
+ /*
+ * We have presumably received this deauth as a
+ * response to a clear_state_mismatch() outgoing
+ * deauth. Don't let it take us offline!
+ */
+ wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
+ "from Unknown BSSID " MACSTR " -- ignoring",
+ MAC2STR(bssid));
+ return;
+ }
+ }
+
drv->associated = 0;
os_memset(&event, 0, sizeof(event));
- mgmt = (const struct ieee80211_mgmt *) frame;
- if (len >= 24)
- bssid = mgmt->bssid;
/* Note: Same offset for Reason Code in both frame subtypes */
if (len >= 24 + sizeof(mgmt->u.deauth))
reason_code = le_to_host16(mgmt->u.deauth.reason_code);
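Review bot: A frame shorter than 24 bytes skips the new BSSID check entirely and still falls through to `drv->associated = 0`, so the filter is bypassed exactly when the header cannot be read. If such frames can reach this function, drop them while associated, for example `if (drv->associated != 0 && len < 24) return;` placed ahead of the `if (len >= 24)` block. The in-code comment should also state that the match on `mgmt->bssid` is a sanity filter and not authentication: the address comes from an unprotected header, so a deauth carrying the current BSSID still passes, and protected management frames are the control that addresses that case. Whether `drv->auth_bssid` can hold a stale value from an earlier attempt is not visible here and is worth confirming, since the function body begins and ends outside the hunk.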