From: Jouni Malinen <j@w1.fi>
To: Michal Kazior <michal.kazior@tieto.com>
Cc: linux-wireless <linux-wireless@vger.kernel.org>,
"hostap@lists.shmoo.com" <hostap@lists.shmoo.com>
Subject: Re: Association race when acting as AP?
Date: Tue, 7 Jul 2015 18:00:40 +0300
Message-ID: <20150707150040.GA1374@w1.fi>
In-Reply-To: <CA+BoTQm==AM3F2Fxq6T_+uY+jq0yXc9JHFT0iwpe2XJrmxkSsg@mail.gmail.com>

On Thu, Jul 02, 2015 at 10:24:33AM +0200, Michal Kazior wrote:
> After looking into hostapd code I noticed something strange and I wonder if
> anyone else is already aware of this problem:
>
> 1. AP starts
> 2. STA->AP auth OTA
> 3. AP->STA auth OTA
> 4. STA->AP assoc req OTA
> 5. AP->STA assoc resp OTA
> 6. STA sends NullFunc with "STA will go to sleep" bit set
> 7. AP driver/device sees a frame from with unknown TA/SA and issues Deauth
> w/ Reason 7
> (this Deauth doesn't originate from hostapd; it comes from the device FW
> in my case)

If there is a driver or firmware design that sends these
Deauthentication frames on their own, they better be able to handle race
conditions and enable this functionality at the correct time.. Sure,
cfg80211 and hostapd may need modifications to make this work better,
but this needs to be done for things to work properly. There's a good
reason for hostapd having code to check the internal STA associated
flag before triggering deauthentication based on EVENT_RX_FROM_UNKNOWN
events..

> To me this looks like a race in hostapd. The station should be installed to
> driver _before_ sending Assoc Resp frame, not after. My quick-n-dirty hack
> seems to help:

Adding a STA entry before sending Association Response frame would be
fine, but this change would do more: it would claim that STA entry to be
in associated state. That is not correct from the IEEE 802.11 standard
viewpoint. On the AP side, a STA becomes associated when an ACK frame
to the (Re)Association Response frame is received by the AP.

--
Jouni Malinen PGP id EFC895FA
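
Added example, not part of the original message and not hostapd or driver code: a small C model of the state handling discussed above, where the STA entry is installed before the Association Response is sent but only becomes associated once the ACK is reported. All type and function names are hypothetical, and holding the frame while the ACK is pending (and dropping the entry when no ACK arrives) is an assumption of this sketch.

```c
#include <stdio.h>

/* Hypothetical model of the device-side STA table; not hostapd or driver code. */
enum sta_state { STA_UNKNOWN, STA_PENDING_ACK, STA_ASSOCIATED };
enum rx_action { RX_ACCEPT, RX_HOLD, RX_DEAUTH_REASON_7 };

struct sta { enum sta_state state; };

/* Entry is added before the Association Response is sent, but the STA is
 * not claimed to be associated yet. */
void sta_install(struct sta *s) { s->state = STA_PENDING_ACK; }

/* TX status of the Association Response: only an ACK makes the STA
 * associated; without one the entry is dropped again (assumption). */
void on_assoc_resp_tx_status(struct sta *s, int acked)
{
    if (s->state == STA_PENDING_ACK)
        s->state = acked ? STA_ASSOCIATED : STA_UNKNOWN;
}

/* A class 3 frame such as the NullFunc in step 6 arrives. */
enum rx_action on_class3_frame(const struct sta *s)
{
    switch (s->state) {
    case STA_ASSOCIATED:  return RX_ACCEPT;
    case STA_PENDING_ACK: return RX_HOLD;  /* assumption: wait for TX status */
    default:              return RX_DEAUTH_REASON_7;
    }
}

/* Replays the window between step 5 and the AP processing TX status. */
enum rx_action nullfunc_in_race_window(int install_before_resp)
{
    struct sta s = { STA_UNKNOWN };
    if (install_before_resp)
        sta_install(&s);
    return on_class3_frame(&s);
}

int main(void)
{
    struct sta s = { STA_UNKNOWN };
    printf("no entry yet:       %d\n", nullfunc_in_race_window(0));
    printf("entry, ACK pending: %d\n", nullfunc_in_race_window(1));
    sta_install(&s);
    on_assoc_resp_tx_status(&s, 1);
    printf("after ACK:          %d\n", on_class3_frame(&s));
    return 0;
}
```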