mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
P2P: Only schedule a single p2p_go_neg_start timeout at a time
It is possible for the driver to indicate multiple Probe Request frames that would be processed in a single loop. If those frames happen to be from a peer which with we are trying to start GO Negotiation, multiple timeouts to start GO Negotiation (p2p_go_neg_start) could end up being scheduled. This would result in confusing burst of multiple GO Negotiation Request frames being sent once the RX loop finally concludes. Avoid this by scheduling only a single eloop timeout to trigger GO Negotiation regardless of how many Probe Request frames from the peer is received. In addition, make sure this timeout gets canceled in p2p_deinit(). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
c03e2113b6
commit
8cee87ab13
@ -2172,6 +2172,7 @@ p2p_probe_req_rx(struct p2p_data *p2p, const u8 *addr, const u8 *dst,
|
|||||||
wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
|
wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
|
||||||
"P2P: Found GO Negotiation peer - try to start GO "
|
"P2P: Found GO Negotiation peer - try to start GO "
|
||||||
"negotiation from timeout");
|
"negotiation from timeout");
|
||||||
|
eloop_cancel_timeout(p2p_go_neg_start, p2p, NULL);
|
||||||
eloop_register_timeout(0, 0, p2p_go_neg_start, p2p, NULL);
|
eloop_register_timeout(0, 0, p2p_go_neg_start, p2p, NULL);
|
||||||
return P2P_PREQ_PROCESSED;
|
return P2P_PREQ_PROCESSED;
|
||||||
}
|
}
|
||||||
@ -2476,6 +2477,7 @@ void p2p_deinit(struct p2p_data *p2p)
|
|||||||
eloop_cancel_timeout(p2p_expiration_timeout, p2p, NULL);
|
eloop_cancel_timeout(p2p_expiration_timeout, p2p, NULL);
|
||||||
eloop_cancel_timeout(p2p_ext_listen_timeout, p2p, NULL);
|
eloop_cancel_timeout(p2p_ext_listen_timeout, p2p, NULL);
|
||||||
eloop_cancel_timeout(p2p_scan_timeout, p2p, NULL);
|
eloop_cancel_timeout(p2p_scan_timeout, p2p, NULL);
|
||||||
|
eloop_cancel_timeout(p2p_go_neg_start, p2p, NULL);
|
||||||
p2p_flush(p2p);
|
p2p_flush(p2p);
|
||||||
p2p_free_req_dev_types(p2p);
|
p2p_free_req_dev_types(p2p);
|
||||||
os_free(p2p->cfg->dev_name);
|
os_free(p2p->cfg->dev_name);
|
||||||
|
Loading…
Reference in New Issue
Block a user