From 3302b7c29f42c532c815268bcdcd09e1dbe1840c Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Thu, 19 Jun 2014 20:56:32 +0300
Subject: [PATCH] Rate limit SA Query procedure initiation on unprotected
 disconnect

There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 wpa_supplicant/events.c           | 1 +
 wpa_supplicant/sme.c              | 7 +++++++
 wpa_supplicant/wpa_supplicant_i.h | 1 +
 3 files changed, 9 insertions(+)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index b6b2410fe..3d92fe71c 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1923,6 +1923,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_SME
 	os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN);
 	wpa_s->sme.prev_bssid_set = 1;
+	wpa_s->sme.last_unprot_disconnect.sec = 0;
 #endif /* CONFIG_SME */
 
 	wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 82aef0d80..81a1eded6 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1344,6 +1344,7 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
 				 const u8 *da, u16 reason_code)
 {
 	struct wpa_ssid *ssid;
+	struct os_reltime now;
 
 	if (wpa_s->wpa_state != WPA_COMPLETED)
 		return;
@@ -1360,6 +1361,12 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
 	if (wpa_s->sme.sa_query_count > 0)
 		return;
 
+	os_get_reltime(&now);
+	if (wpa_s->sme.last_unprot_disconnect.sec &&
+	    !os_reltime_expired(&now, &wpa_s->sme.last_unprot_disconnect, 10))
+		return; /* limit SA Query procedure frequency */
+	wpa_s->sme.last_unprot_disconnect = now;
+
 	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
 		"possible AP/STA state mismatch - trigger SA Query");
 	sme_start_sa_query(wpa_s);
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index c51a70305..1cb4e161d 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -636,6 +636,7 @@ struct wpa_supplicant {
 					* sa_query_count octets of pending
 					* SA Query transaction identifiers */
 		struct os_reltime sa_query_start;
+		struct os_reltime last_unprot_disconnect;
 		u8 sched_obss_scan;
 		u16 obss_scan_int;
 		u16 bss_max_idle_period;