On Fri, 2010-07-02 at 11:09 -0700, Paul Stewart wrote:
> It may be a weird patch, but probably just because I'm still wrapping
> my head around how things work.
Sure.
> The problem is ultimately the call to
> __cfg80211_send_deauth() in wireless/mlme.c that is triggered by
> reception of the DEAUTH.
Is it? I thought it was without double underscore from another code
path?
> That function removes wdev->auth_bsses[i],
No, the BSS can't be in auth_bsses yet. I think the problem is more
complex, and wpa_supplicant itself will remove it from auth_bsses
because the kernel erroneously told it we got deauthenticated.
> which is needed in order for an auth to succeed. The code path that
> gets us there is:
>
> mac80211/rx.c: ieee80211_rx_h_mgmt()
> mac80211/mlme.c: ieee80211_sta_rx_mgmt()
> ...then through the queued work and...
> ieee80211_sta_rx_queued_mgmt()
>
> At the bottom of the latter function, outside of the block that checks
> for our authentication state, we call cfg80211_send_deauth() in
> response to IEEE80211_STYPE_DEAUTH, which quite arguably should never
> be called if we're authenticated. The only time this issue touches
> cfg80211 is that final call to send_deauth() which I believe is done
> in error. I think the fix should be in mac80211 somewhere.
>
> I didn't find a way to tell where we were in the authentication proces
> from within ieee80211_sta_rx_queued_mgmt(), so I swallowed the packet
> much earlier in the process from within ieee80211_work_rx_mgmt(),
> which has access to that state, and can indeed claim packets for
> itself it it believes it knows best what to do with them.
>
> I hope this clears up my thinking on this. I'd be happy to change the
> patch in whatever way makes sense.
Can you try the patch below instead of yours? I'll explain it a bit more
later, but my church wedding ceremony is tomorrow :)
johannes
--- wireless-testing.orig/net/wireless/mlme.c 2010-07-02 20:12:19.000000000 +0200
+++ wireless-testing/net/wireless/mlme.c 2010-07-02 20:12:43.000000000 +0200
@@ -44,10 +44,10 @@ void cfg80211_send_rx_auth(struct net_de
}
}
- WARN_ON(!done);
-
- nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL);
- cfg80211_sme_rx_auth(dev, buf, len);
+ if (done) {
+ nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL);
+ cfg80211_sme_rx_auth(dev, buf, len);
+ }
wdev_unlock(wdev);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
