IBSS RSN: Work around Data RX vs. Authentication RX race condition

It is possible for the driver to report EAPOL frame RX before
Authentication frame RX even if the frames arrived in the opposite
order. This can result in issues in cases where both IBSS peers initiate
Authentication frame exchange at about the same time and one of the
EAPOL sessions is started before processing Authentication frame seq=1
RX. Work around this by not re-initializing EAPOL state on
Authentication (SEQ=1) RX if own Authentication frame was transmitted
within last 500 ms.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c
index b694bdec611882b033d7273e6a286ce2ddd7258a..55b9ae7a06b90b59be0676b4287d3e292116edcb 100644 (file)
--- a/wpa_supplicant/ibss_rsn.c
+++ b/wpa_supplicant/ibss_rsn.c
@@ -566,6 +566,8 @@ int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr)
                 */
                peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
                return ibss_rsn_auth_init(ibss_rsn, peer);
+       } else {
+               os_get_time(&peer->own_auth_tx);
        }
 
        return 0;
@@ -807,6 +809,16 @@ static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn,
 
        if (peer &&
            peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
+               if (peer->own_auth_tx.sec) {
+                       struct os_time now, diff;
+                       os_get_time(&now);
+                       os_time_sub(&now, &peer->own_auth_tx, &diff);
+                       if (diff.sec == 0 && diff.usec < 500000) {
+                               wpa_printf(MSG_DEBUG, "RSN: Skip IBSS reinit since only %u usec from own Auth frame TX",
+                                          (int) diff.usec);
+                               goto skip_reinit;
+                       }
+               }
                /*
                 * A peer sent us an Authentication frame even though it already
                 * started an EAPOL session. We should reinit state machines
@@ -829,6 +841,7 @@ static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn,
                           MAC2STR(addr));
        }
 
+skip_reinit:
        /* reply with an Authentication frame now, before sending an EAPOL */
        ibss_rsn_send_auth(ibss_rsn, addr, 2);
        /* no need to start another AUTH challenge in the other way.. */

diff --git a/wpa_supplicant/ibss_rsn.h b/wpa_supplicant/ibss_rsn.h
index 6b89f7a95ff6f1b52eabf836e4c87d3c61f532d6..3089283fd4dfed636e77d9fd16e572a6db180400 100644 (file)
--- a/wpa_supplicant/ibss_rsn.h
+++ b/wpa_supplicant/ibss_rsn.h
@@ -39,6 +39,8 @@ struct ibss_rsn_peer {
 
        struct wpa_state_machine *auth;
        int authentication_status;
+
+       struct os_time own_auth_tx;
 };
 
 struct ibss_rsn {