mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
DPP: Stop Authentication Request attempts if no response after ACK
If unicast Authentication Request frame is used and the peer ACKs such a frame, but does not reply within the two second limit, there is no need to continue trying to retransmit the request frames since the peer was found, but not responsive. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
fce412d3ef
commit
248264c622
@ -194,6 +194,7 @@ struct dpp_authentication {
|
|||||||
int initiator;
|
int initiator;
|
||||||
int waiting_auth_resp;
|
int waiting_auth_resp;
|
||||||
int waiting_auth_conf;
|
int waiting_auth_conf;
|
||||||
|
int auth_req_ack;
|
||||||
unsigned int auth_resp_tries;
|
unsigned int auth_resp_tries;
|
||||||
u8 allowed_roles;
|
u8 allowed_roles;
|
||||||
int configurator;
|
int configurator;
|
||||||
|
@ -419,6 +419,13 @@ static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
|
||||||
|
result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
|
||||||
|
/* Allow timeout handling to stop iteration if no response is
|
||||||
|
* received from a peer that has ACKed a request. */
|
||||||
|
auth->auth_req_ack = 1;
|
||||||
|
}
|
||||||
|
|
||||||
if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
|
if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
|
||||||
wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
|
wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
@ -434,13 +441,24 @@ static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
|
|||||||
static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
|
static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
|
||||||
{
|
{
|
||||||
struct wpa_supplicant *wpa_s = eloop_ctx;
|
struct wpa_supplicant *wpa_s = eloop_ctx;
|
||||||
|
struct dpp_authentication *auth = wpa_s->dpp_auth;
|
||||||
unsigned int freq;
|
unsigned int freq;
|
||||||
struct os_reltime now;
|
struct os_reltime now;
|
||||||
|
|
||||||
if (!wpa_s->dpp_auth)
|
if (!auth)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (wpa_s->dpp_auth->waiting_auth_resp) {
|
if (auth->waiting_auth_resp && auth->auth_req_ack) {
|
||||||
|
wpa_printf(MSG_INFO,
|
||||||
|
"DPP: No response received from responder - stopping initiation attempt");
|
||||||
|
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
|
||||||
|
offchannel_send_action_done(wpa_s);
|
||||||
|
dpp_auth_deinit(auth);
|
||||||
|
wpa_s->dpp_auth = NULL;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (auth->waiting_auth_resp) {
|
||||||
unsigned int wait_time;
|
unsigned int wait_time;
|
||||||
|
|
||||||
wait_time = wpa_s->dpp_resp_wait_time ?
|
wait_time = wpa_s->dpp_resp_wait_time ?
|
||||||
@ -454,9 +472,9 @@ static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
freq = wpa_s->dpp_auth->curr_freq;
|
freq = auth->curr_freq;
|
||||||
if (wpa_s->dpp_auth->neg_freq > 0)
|
if (auth->neg_freq > 0)
|
||||||
freq = wpa_s->dpp_auth->neg_freq;
|
freq = auth->neg_freq;
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Continue reply wait on channel %u MHz",
|
wpa_printf(MSG_DEBUG, "DPP: Continue reply wait on channel %u MHz",
|
||||||
freq);
|
freq);
|
||||||
wpas_dpp_listen_start(wpa_s, freq);
|
wpas_dpp_listen_start(wpa_s, freq);
|
||||||
@ -649,7 +667,7 @@ static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
|
|||||||
max_tries = wpa_s->dpp_init_max_tries;
|
max_tries = wpa_s->dpp_init_max_tries;
|
||||||
else
|
else
|
||||||
max_tries = 5;
|
max_tries = 5;
|
||||||
if (auth->num_freq_iters >= max_tries) {
|
if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
|
||||||
wpa_printf(MSG_INFO,
|
wpa_printf(MSG_INFO,
|
||||||
"DPP: No response received from responder - stopping initiation attempt");
|
"DPP: No response received from responder - stopping initiation attempt");
|
||||||
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
|
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
|
||||||
@ -694,6 +712,7 @@ static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
|
|||||||
}
|
}
|
||||||
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
|
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
|
||||||
MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
|
MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
|
||||||
|
auth->auth_req_ack = 0;
|
||||||
os_get_reltime(&wpa_s->dpp_last_init);
|
os_get_reltime(&wpa_s->dpp_last_init);
|
||||||
return offchannel_send_action(wpa_s, freq, dst,
|
return offchannel_send_action(wpa_s, freq, dst,
|
||||||
wpa_s->own_addr, broadcast,
|
wpa_s->own_addr, broadcast,
|
||||||
|
Loading…
Reference in New Issue
Block a user