Rate limit SA Query procedure initiation on unprotected disconnect

There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2014-06-19 20:56:32 +03:00 committed by Jouni Malinen
parent 4075e2fe77
commit 3302b7c29f
3 changed files with 9 additions and 0 deletions

View File

@ -1923,6 +1923,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
#ifdef CONFIG_SME #ifdef CONFIG_SME
os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN); os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN);
wpa_s->sme.prev_bssid_set = 1; wpa_s->sme.prev_bssid_set = 1;
wpa_s->sme.last_unprot_disconnect.sec = 0;
#endif /* CONFIG_SME */ #endif /* CONFIG_SME */
wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid)); wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));

View File

@ -1344,6 +1344,7 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
const u8 *da, u16 reason_code) const u8 *da, u16 reason_code)
{ {
struct wpa_ssid *ssid; struct wpa_ssid *ssid;
struct os_reltime now;
if (wpa_s->wpa_state != WPA_COMPLETED) if (wpa_s->wpa_state != WPA_COMPLETED)
return; return;
@ -1360,6 +1361,12 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
if (wpa_s->sme.sa_query_count > 0) if (wpa_s->sme.sa_query_count > 0)
return; return;
os_get_reltime(&now);
if (wpa_s->sme.last_unprot_disconnect.sec &&
!os_reltime_expired(&now, &wpa_s->sme.last_unprot_disconnect, 10))
return; /* limit SA Query procedure frequency */
wpa_s->sme.last_unprot_disconnect = now;
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - " wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
"possible AP/STA state mismatch - trigger SA Query"); "possible AP/STA state mismatch - trigger SA Query");
sme_start_sa_query(wpa_s); sme_start_sa_query(wpa_s);

View File

@ -636,6 +636,7 @@ struct wpa_supplicant {
* sa_query_count octets of pending * sa_query_count octets of pending
* SA Query transaction identifiers */ * SA Query transaction identifiers */
struct os_reltime sa_query_start; struct os_reltime sa_query_start;
struct os_reltime last_unprot_disconnect;
u8 sched_obss_scan; u8 sched_obss_scan;
u16 obss_scan_int; u16 obss_scan_int;
u16 bss_max_idle_period; u16 bss_max_idle_period;