With AP-AP communication, when hapd0 sends a packet, hapd1 can receive it immediately and send a response. But hapd0 will only read and process the response after it has returned from the sending context, that is entered eloop again. So one does not need to consider the rx function of the reply to run for the request sending hapd before the send calling function has returned. Currently, with intra-process communication, the packet is not scheduled through eloop. Thus the rx handler of the reply might be run while the sending context of the original request has not returned. This might become problematic e.g. when deferring a wifi request until a rrb response is received and then have the request restarted and finished before the original request handling has been stopped. I'm not aware of any conrete bug this is currently triggering but came across it while thinking of FT RRB AP-AP sequence numbering. It think the non-eloop scheduling approach might be error-prone and thus propose to model it more closely to the way the message would be received from socket. Additionally, this ensures that the tests model AP-AP communication more closely to real world. Solution: queue these packets through eloop. Signed-off-by: Michael Braun <michael-dev@xxxxxxxxxxxxx> --- src/ap/hostapd.c | 3 ++ src/ap/hostapd.h | 5 ++++ src/ap/wpa_auth_glue.c | 76 +++++++++++++++++++++++++++++++++++++++++++------- 3 files changed, 74 insertions(+), 10 deletions(-) diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index 3c5a56c..01215aa 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -2017,6 +2017,9 @@ hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface, dl_list_init(&hapd->ctrl_dst); dl_list_init(&hapd->nr_db); hapd->dhcp_sock = -1; +#ifdef CONFIG_IEEE80211R_AP + dl_list_init(&hapd->l2_queue); +#endif /* CONFIG_IEEE80211R_AP */ return hapd; } diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h index 5ab623d..9d9eb6d 100644 --- a/src/ap/hostapd.h +++ b/src/ap/hostapd.h @@ -185,6 +185,11 @@ struct hostapd_data { #endif /* CONFIG_FULL_DYNAMIC_VLAN */ struct l2_packet_data *l2; + +#ifdef CONFIG_IEEE80211R_AP + struct dl_list l2_queue; +#endif /* CONFIG_IEEE80211R_AP */ + struct wps_context *wps; int beacon_set_done; diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index d4e0140..edf2940 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -9,6 +9,8 @@ #include "utils/includes.h" #include "utils/common.h" +#include "utils/eloop.h" +#include "utils/list.h" #include "common/ieee802_11_defs.h" #include "common/sae.h" #include "common/wpa_ctrl.h" @@ -425,9 +427,35 @@ struct wpa_auth_ft_iface_iter_data { }; +struct wpa_ft_rrb_rx_later_data { + struct dl_list list; + u8 addr[ETH_ALEN]; + u8 *data; + size_t data_len; +}; + +static void hostapd_wpa_ft_rrb_rx_later(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + struct wpa_ft_rrb_rx_later_data *data, *n; + + dl_list_for_each_safe(data, n, &hapd->l2_queue, + struct wpa_ft_rrb_rx_later_data, list) { + if (hapd->wpa_auth) { + wpa_ft_rrb_rx(hapd->wpa_auth, data->addr, data->data, + data->data_len); + } + dl_list_del(&data->list); + os_free(data->data); + os_free(data); + } +} + + static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx) { struct wpa_auth_ft_iface_iter_data *idata = ctx; + struct wpa_ft_rrb_rx_later_data *data; struct hostapd_data *hapd; size_t j; @@ -437,18 +465,44 @@ static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx) continue; if (!hapd->wpa_auth) continue; - if (os_memcmp(hapd->own_addr, idata->dst, ETH_ALEN) == 0) { - wpa_printf(MSG_DEBUG, "FT: Send RRB data directly to " - "locally managed BSS " MACSTR "@%s -> " - MACSTR "@%s", - MAC2STR(idata->src_hapd->own_addr), - idata->src_hapd->conf->iface, - MAC2STR(hapd->own_addr), hapd->conf->iface); - wpa_ft_rrb_rx(hapd->wpa_auth, - idata->src_hapd->own_addr, - idata->data, idata->data_len); + if (os_memcmp(hapd->own_addr, idata->dst, ETH_ALEN) != 0) + continue; + + wpa_printf(MSG_DEBUG, "FT: Send RRB data directly to " + "locally managed BSS " MACSTR "@%s -> " + MACSTR "@%s", + MAC2STR(idata->src_hapd->own_addr), + idata->src_hapd->conf->iface, + MAC2STR(hapd->own_addr), hapd->conf->iface); + + /* defer wpa_ft_rrb_rx until next eloop step as this is + * when it would be triggerd from reading from sock + * This avoids + * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv, + * that is calling hapd0:recv handler from within + * hapd0:send directly. + */ + data = os_zalloc(sizeof(*data)); + if (!data) + return 1; + + os_memcpy(data->addr, idata->src_hapd->own_addr, ETH_ALEN); + data->data = os_memdup(idata->data, idata->data_len); + if (!data->data) { + os_free(data); return 1; } + data->data_len = idata->data_len; + + dl_list_add(&hapd->l2_queue, &data->list); + + if (!eloop_is_timeout_registered(hostapd_wpa_ft_rrb_rx_later, + hapd, NULL)) + eloop_register_timeout(0, 0, + hostapd_wpa_ft_rrb_rx_later, + hapd, NULL); + + return 1; } return 0; @@ -716,6 +770,8 @@ void hostapd_deinit_wpa(struct hostapd_data *hapd) ieee802_1x_deinit(hapd); #ifdef CONFIG_IEEE80211R_AP + eloop_cancel_timeout(hostapd_wpa_ft_rrb_rx_later, hapd, ELOOP_ALL_CTX); + hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */ l2_packet_deinit(hapd->l2); hapd->l2 = NULL; #endif /* CONFIG_IEEE80211R_AP */ -- 2.1.4 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap