FILS: Do not process FILS HLP request again while previous one is pending

It is better not to process a new (most likely repeated) FILS HLP
request if a station retransmits (Re)Association Request frame before
the previous HLP response has either been received or timed out. The
previous implementation ended up doing this and also ended up
rescheduling the fils_hlp_timeout timer in a manner that prevented the
initial timeout from being reached if the STA continued retransmitting
the frame. This could result in failed association due to a timeout on
the station side.

Make this more robust by processing (and relaying to the server) the HLP
request once and then ignoring any new HLP request while the response
for the relayed request is still pending. The new (Re)Association
Request frames are otherwise processed, but they do not result in actual
state change on the AP side before the HLP process from the first
pending request is completed.

This fixes hwsim test case fils_sk_hlp_oom failures with unmodified
mac80211 implementation (i.e., with a relatively short retransmission
timeout for (Re)Association Request frame).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/fils_hlp.c b/src/ap/fils_hlp.c
index 2a359ab03c818e7200772456247c6a7208c47643..6da514a4d0fb4f51135b80afc950c4dc713396ba 100644 (file)
--- a/src/ap/fils_hlp.c
+++ b/src/ap/fils_hlp.c
@@ -580,6 +580,19 @@ int fils_process_hlp(struct hostapd_data *hapd, struct sta_info *sta,
        u8 *tmp, *tmp_pos;
        int ret = 0;
 
+       if (sta->fils_pending_assoc_req &&
+           eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta)) {
+               /* Do not process FILS HLP request again if the station
+                * retransmits (Re)Association Request frame before the previous
+                * HLP response has either been received or timed out. */
+               wpa_printf(MSG_DEBUG,
+                          "FILS: Do not relay another HLP request from "
+                          MACSTR
+                          " before processing of the already pending one has been completed",
+                          MAC2STR(sta->addr));
+               return 1;
+       }
+
        /* Old DHCPDISCOVER is not needed anymore, if it was still pending */
        wpabuf_free(sta->hlp_dhcp_discover);
        sta->hlp_dhcp_discover = NULL;

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index f9bb99d985495ab25a9c7a1674bfcdb1cd9dfe56..84c8b17d4697ef5066f1a87de33034191d3f7d85 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3554,6 +3554,19 @@ static void handle_assoc(struct hostapd_data *hapd,
                resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
 
 #ifdef CONFIG_FILS
+       if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS &&
+           eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta) &&
+           sta->fils_pending_assoc_req) {
+               /* Do not reschedule fils_hlp_timeout in case the station
+                * retransmits (Re)Association Request frame while waiting for
+                * the previously started FILS HLP wait, so that the timeout can
+                * be determined from the first pending attempt. */
+               wpa_printf(MSG_DEBUG,
+                          "FILS: Continue waiting for HLP processing before sending (Re)Association Response frame to "
+                          MACSTR, MAC2STR(sta->addr));
+               os_free(tmp);
+               return;
+       }
        if (sta) {
                eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
                os_free(sta->fils_pending_assoc_req);