Fix Deauth/Disassoc callback handling with test frames

The Deauth/Disassoc TX status callbacks were ending up kicking the
station entry from kernel driver when test functionality was used to
inject Deauth/Disassoc frames from the AP with the purpose of leaving
the local association in place. Fix this by using STA flags to figure
out whether there was a pending callback for the frame that we need
to act on.

In addition, add forgotten functionality for the Disassoc TX status
callback to match the behavior with Deauth.

diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index b42eafbde3dfa0e111a440728a482c57d05fb344..ef90bf9481ba6866402d17a0b51e8738d5a0a19f 100644 (file)
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -555,6 +555,7 @@ void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
        ieee802_1x_free_station(sta);
 
        sta->disassoc_reason = reason;
+       sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
        eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
        eloop_register_timeout(hapd->iface->drv_flags &
                               WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
@@ -587,6 +588,7 @@ void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
        ieee802_1x_free_station(sta);
 
        sta->deauth_reason = reason;
+       sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
        eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
        eloop_register_timeout(hapd->iface->drv_flags &
                               WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
@@ -829,6 +831,7 @@ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
        sta->timeout_next = STA_REMOVE;
 
        sta->deauth_reason = reason;
+       sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
        eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
        eloop_register_timeout(hapd->iface->drv_flags &
                               WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
@@ -838,6 +841,11 @@ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
 
 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
 {
+       if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
+               wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
+               return;
+       }
+       sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
        eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
        ap_sta_deauth_cb_timeout(hapd, sta);
 }
@@ -845,4 +853,11 @@ void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
 
 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
 {
+       if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
+               wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
+               return;
+       }
+       sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
+       eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
+       ap_sta_disassoc_cb_timeout(hapd, sta);
 }

diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h
index c5e916f65d48a049b7f58435ca619919f0e036ea..e0a088b10093637aa41a76829a6dfed01ef89470 100644 (file)
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -33,6 +33,8 @@
 #define WLAN_STA_WDS BIT(14)
 #define WLAN_STA_ASSOC_REQ_OK BIT(15)
 #define WLAN_STA_WPS2 BIT(16)
+#define WLAN_STA_PENDING_DISASSOC_CB BIT(29)
+#define WLAN_STA_PENDING_DEAUTH_CB BIT(30)
 #define WLAN_STA_NONERP BIT(31)
 
 /* Maximum number of supported rates (from both Supported Rates and Extended