Date: Thu, 1 Jul 2010 10:21:31 -0700
Subject: [PATCH 2.6.34] mac80211: Fix auth retries if AP sends temporary deauth
From: Paul Stewart
To: Johannes Berg
Cc: linux-wireless@vger.kernel.org, Michael Wu, Jiri Benc, "John W. Linville"

This bypasses destruction of BSS state if a temporary DEAUTH packet is received while performing an AUTH. This will allow the retry mechanism (which runs regardless of this patch) to succeed, since we do not remove the BSS state which is required to complete authentication on the client side in cfg80211_send_rx_auth().

The specific case handled here is "Previous authentication no longer valid", which is usually generated by an AP if the AP still has saved state of the STA being authenticated. Usually a retry will be successful.

Signed-off-by: Paul Stewart

--- net/mac80211/work.c | 21 ++++++++++++++++++++- 1 files changed, 20 insertions(+), 1 deletions(-) diff --git a/net/mac80211/work.c b/net/mac80211/work.c index 15e1ba9..800929e 100644 --- a/net/mac80211/work.c +++ b/net/mac80211/work.c
@@ -1006,7 +1006,7 @@ ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct ieee80211_local *local = sdata->local; struct ieee80211_mgmt *mgmt; struct ieee80211_work *wk; - u16 fc; + u16 fc, reason_code; if (skb->len < 24) return RX_DROP_MONITOR; @@ -1030,6 +1030,25 @@ ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, skb_queue_tail(&local->work_skb_queue, skb); ieee80211_queue_work(&local->hw, &local->work_work); return RX_QUEUED; + case IEEE80211_STYPE_DEAUTH: + /* + * If we get sent a DEAUTH while we are + * actively trying to authenticate to this + * station, we shoot ourselves in the foot if + * we fall through using RX_CONTINUE and allow + * the bss context to disappear + * (ieee80211_sta_rx_mgmt()). This is + * especially true if the reason for the + * DEAUTH was a negative but temporary direct + * response to an AUTH attempt. Let the retry + * mechanism run its course instead. + */ + reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); + if (wk->type == IEEE80211_WORK_AUTH && + reason_code == WLAN_REASON_PREV_AUTH_NOT_VALID) { + return RX_DROP_MONITOR; + } + break; } }
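
Review bot: In the new IEEE80211_STYPE_DEAUTH case, mgmt->u.deauth.reason_code is read although the only length check visible in this function is `if (skb->len < 24)`, which covers the 24-byte management header but not the two-byte reason code that follows it. A deauth frame truncated to exactly 24 bytes would pass that check and the le16_to_cpu() read would go past the end of the received data. Suggest dropping the frame when skb->len < 24 + 2 before reading the field, and testing wk->type == IEEE80211_WORK_AUTH first so the reason code is only read when it is going to be used. Minor style points: the braces around the single `return RX_DROP_MONITOR;` are not needed under kernel coding style, and reason_code is only used inside this one case, so it does not need function scope.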