* [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK
@ 2025-05-22 18:41 James Prestwood
2025-05-22 18:41 ` [PATCH 2/3] nl80211util: support parsing NL80211_ATTR_TIMEOUT James Prestwood
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: James Prestwood @ 2025-05-22 18:41 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
---
src/nl80211cmd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/nl80211cmd.c b/src/nl80211cmd.c
index 065d52af..65a948c5 100644
--- a/src/nl80211cmd.c
+++ b/src/nl80211cmd.c
@@ -177,6 +177,7 @@ static const struct {
{ NL80211_CMD_UNPROT_BEACON, "Unprotected Beacon" },
{ NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS,
"Control Port TX Status" },
+ { NL80211_CMD_ASSOC_COMEBACK, "Association comeback delay" },
{ }
};
--
2.34.1
^ permalink raw reply related [flat|nested] 4+ messages in thread* [PATCH 2/3] nl80211util: support parsing NL80211_ATTR_TIMEOUT 2025-05-22 18:41 [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK James Prestwood @ 2025-05-22 18:41 ` James Prestwood 2025-05-22 18:41 ` [PATCH 3/3] netdev: support handling NL80211_CMD_ASSOC_COMEBACK James Prestwood 2025-05-28 17:08 ` [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK Denis Kenzior 2 siblings, 0 replies; 4+ messages in thread From: James Prestwood @ 2025-05-22 18:41 UTC (permalink / raw) To: iwd; +Cc: James Prestwood --- src/nl80211util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/nl80211util.c b/src/nl80211util.c index 0fdefddf..60cab7ec 100644 --- a/src/nl80211util.c +++ b/src/nl80211util.c @@ -190,6 +190,7 @@ static attr_handler handler_for_nl80211(int type) case NL80211_ATTR_CENTER_FREQ2: case NL80211_ATTR_AKM_SUITES: case NL80211_ATTR_EXTERNAL_AUTH_ACTION: + case NL80211_ATTR_TIMEOUT: return extract_uint32; case NL80211_ATTR_FRAME: return extract_iovec; -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 3/3] netdev: support handling NL80211_CMD_ASSOC_COMEBACK 2025-05-22 18:41 [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK James Prestwood 2025-05-22 18:41 ` [PATCH 2/3] nl80211util: support parsing NL80211_ATTR_TIMEOUT James Prestwood @ 2025-05-22 18:41 ` James Prestwood 2025-05-28 17:08 ` [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK Denis Kenzior 2 siblings, 0 replies; 4+ messages in thread From: James Prestwood @ 2025-05-22 18:41 UTC (permalink / raw) To: iwd; +Cc: James Prestwood A BSS can temporarily reject associations and provide a delay that the station should wait for before retrying. This is useful when sane values are used, but taking it to the extreme an AP could potentially request the client wait UINT32_MAX TU's which equates to 49 days. Either due to a bug, or worse by design, the kernel will wait for however long that timeout is. Luckily the kernel also sends an event to userspace with the amount of time it will be waiting. To guard against excessive timeouts IWD will now handle this event and enforce a maximum allowed value. If the timeout exceeds this IWD will deauthenticate. --- src/netdev.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/netdev.c b/src/netdev.c index a26a484e..3bdc3e69 100644 --- a/src/netdev.c +++ b/src/netdev.c @@ -5451,6 +5451,39 @@ static void netdev_michael_mic_failure(struct l_genl_msg *msg, l_debug("ifindex=%u key_idx=%u type=%u", netdev->index, idx, type); } +#define MAX_COMEBACK_DELAY 1200 + +static void netdev_assoc_comeback(struct l_genl_msg *msg, + struct netdev *netdev) +{ + const uint8_t *mac; + uint32_t timeout; + + if (L_WARN_ON(!netdev->connected)) + return; + + if (nl80211_parse_attrs(msg, NL80211_ATTR_MAC, &mac, + NL80211_ATTR_TIMEOUT, &timeout, + NL80211_ATTR_UNSPEC) < 0) + return; + + if (L_WARN_ON(memcmp(mac, netdev->handshake->aa, ETH_ALEN))) + return; + + if (timeout <= MAX_COMEBACK_DELAY) { + l_debug(MAC" requested an association comeback delay of %u TU", + MAC_STR(netdev->handshake->aa), timeout); + return; + } + + l_debug("Comeback delay of %u exceeded maximum of %u, deauthenticating", + timeout, MAX_COMEBACK_DELAY); + + netdev_deauth_and_fail_connection(netdev, + NETDEV_RESULT_ASSOCIATION_FAILED, + MMPDU_STATUS_CODE_REFUSED_TEMPORARILY); +} + static void netdev_mlme_notify(struct l_genl_msg *msg, void *user_data) { struct netdev *netdev = NULL; @@ -5504,6 +5537,9 @@ static void netdev_mlme_notify(struct l_genl_msg *msg, void *user_data) case NL80211_CMD_MICHAEL_MIC_FAILURE: netdev_michael_mic_failure(msg, netdev); break; + case NL80211_CMD_ASSOC_COMEBACK: + netdev_assoc_comeback(msg, netdev); + break; } } -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK 2025-05-22 18:41 [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK James Prestwood 2025-05-22 18:41 ` [PATCH 2/3] nl80211util: support parsing NL80211_ATTR_TIMEOUT James Prestwood 2025-05-22 18:41 ` [PATCH 3/3] netdev: support handling NL80211_CMD_ASSOC_COMEBACK James Prestwood @ 2025-05-28 17:08 ` Denis Kenzior 2 siblings, 0 replies; 4+ messages in thread From: Denis Kenzior @ 2025-05-28 17:08 UTC (permalink / raw) To: James Prestwood, iwd Hi James, On 5/22/25 1:41 PM, James Prestwood wrote: > --- > src/nl80211cmd.c | 1 + > 1 file changed, 1 insertion(+) > All applied, thanks. Regards, -Denis ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-05-28 17:08 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-05-22 18:41 [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK James Prestwood 2025-05-22 18:41 ` [PATCH 2/3] nl80211util: support parsing NL80211_ATTR_TIMEOUT James Prestwood 2025-05-22 18:41 ` [PATCH 3/3] netdev: support handling NL80211_CMD_ASSOC_COMEBACK James Prestwood 2025-05-28 17:08 ` [PATCH 1/3] nl80211cmd: add NL80211_CMD_ASSOC_COMEBACK Denis Kenzior
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox