When using MAC randomization suppliant can change local MAC address during roaming scenario: 1. We attach to AP1 (with MAC1). 2. Roaming to AP2 is started: a) we send DEAUTH(for AP1, with MAC1) b) we change MAC to MAC2 due to randomization c) we start authentication for AP2 d) we get notification about DEAUTH for AP1 (which we ignore) e) we complete association with AP2 In point 2d we completely ignore the notification which later causes problems. The intended behaviour is as follows: during roaming we generate DEAUTH (2a) and signal this event right away. To protect from handling of our own DEAUTH for the 2nd time supplicant marks 'ignore_next_local_deauth' variable. In point 2d we should receive this notification and clear the flag but this does not happen because MAC1 in the notification is not the current MAC address (it has been changed in 2b) so this notification is ignored as a one with a "foreign" address. So we end up successfully at AP2 but with 'ignore_next_local_deauth' still set which causes problems. For example if AP2 shuts down it has been observed on some drivers that the DEAUTH notification is generated as a local one and since we have flag to ignore it nothing is reported over D-Bus. To address the problem let's store the previously used MAC address and use it for checking for foreign address (in combination with the current one). Signed-off-by: Andrzej Ostruszka <amo@xxxxxxxxxxxx> --- src/drivers/driver_nl80211.c | 2 ++ src/drivers/driver_nl80211.h | 1 + src/drivers/driver_nl80211_event.c | 11 +++++++---- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 8eb033c78..9619569a7 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -1165,6 +1165,7 @@ static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv, MACSTR " to " MACSTR, ifindex, bss->ifname, MAC2STR(bss->addr), MAC2STR(addr)); + os_memcpy(bss->prev_addr, bss->addr, ETH_ALEN); os_memcpy(bss->addr, addr, ETH_ALEN); if (notify) wpa_supplicant_event(drv->ctx, @@ -10402,6 +10403,7 @@ static int nl80211_set_mac_addr(void *priv, const u8 *addr) wpa_printf(MSG_DEBUG, "nl80211: set_mac_addr for %s to " MACSTR, bss->ifname, MAC2STR(addr)); drv->addr_changed = new_addr; + os_memcpy(bss->prev_addr, bss->addr, ETH_ALEN); os_memcpy(bss->addr, addr, ETH_ALEN); if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1) < 0) diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h index 9d61c1d69..6c0b5d53d 100644 --- a/src/drivers/driver_nl80211.h +++ b/src/drivers/driver_nl80211.h @@ -67,6 +67,7 @@ struct i802_bss { unsigned int use_nl_connect:1; u8 addr[ETH_ALEN]; + u8 prev_addr[ETH_ALEN]; int freq; int bandwidth; diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index 0f0a01d01..b4c66d583 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -917,8 +917,10 @@ static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, * ignore_next_local_deauth as well, to avoid next local * deauth event be wrongly ignored. */ - if (!os_memcmp(mgmt->sa, drv->first_bss->addr, - ETH_ALEN)) { + if (os_memcmp(mgmt->sa, drv->first_bss->addr, + ETH_ALEN) == 0 || + os_memcmp(mgmt->sa, drv->first_bss->prev_addr, + ETH_ALEN) == 0) { wpa_printf(MSG_DEBUG, "nl80211: Received a locally generated deauth event. Clear ignore_next_local_deauth flag"); drv->ignore_next_local_deauth = 0; @@ -1107,8 +1109,9 @@ static void mlme_event(struct i802_bss *bss, os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && (is_zero_ether_addr(bss->rand_addr) || os_memcmp(bss->rand_addr, data + 4, ETH_ALEN) != 0) && - os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { - wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " + os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0 && + os_memcmp(bss->prev_addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { + wpa_printf(MSG_DEBUG, "nl80211: %s: Ignore MLME frame event " "for foreign address", bss->ifname); return; } -- 2.36.1.476.g0c4daa206d-goog _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap