Do not process Action frames twice in hostapd SME/MLME

Commit 88b32a99d3 added support for using
some Action frame processing in hostapd for drivers that handle most of
SME/MLME internally (it added FT, this has since be extended for SA
Query and WNM). However, this was added in a way that ended up getting
both the hostapd_rx_action() and hostapd_action_rx() called for Action
frames. This could result in an attempt to process FT, SA Query, and WNM
Action frames twice.

There is need for more significant cleanup in Action frame processing in
hostapd depending on the driver type, but as a simple step to avoid
issues, skip the hostapd_action_rx() call if hostapd_rx_action()
processed the frame.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-12-29 10:18:49 +02:00
parent 006309b546
commit 912b34f000
3 changed files with 65 additions and 45 deletions

View file

@ -632,17 +632,18 @@ static void hostapd_rx_from_unknown_sta(struct hostapd_data *hapd,
} }
static void hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt) static int hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt)
{ {
struct hostapd_iface *iface = hapd->iface; struct hostapd_iface *iface = hapd->iface;
const struct ieee80211_hdr *hdr; const struct ieee80211_hdr *hdr;
const u8 *bssid; const u8 *bssid;
struct hostapd_frame_info fi; struct hostapd_frame_info fi;
int ret;
hdr = (const struct ieee80211_hdr *) rx_mgmt->frame; hdr = (const struct ieee80211_hdr *) rx_mgmt->frame;
bssid = get_hdr_bssid(hdr, rx_mgmt->frame_len); bssid = get_hdr_bssid(hdr, rx_mgmt->frame_len);
if (bssid == NULL) if (bssid == NULL)
return; return 0;
hapd = get_hapd_bssid(iface, bssid); hapd = get_hapd_bssid(iface, bssid);
if (hapd == NULL) { if (hapd == NULL) {
@ -657,7 +658,7 @@ static void hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt)
WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
hapd = iface->bss[0]; hapd = iface->bss[0];
else else
return; return 0;
} }
os_memset(&fi, 0, sizeof(fi)); os_memset(&fi, 0, sizeof(fi));
@ -666,22 +667,29 @@ static void hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt)
if (hapd == HAPD_BROADCAST) { if (hapd == HAPD_BROADCAST) {
size_t i; size_t i;
for (i = 0; i < iface->num_bss; i++) ret = 0;
ieee802_11_mgmt(iface->bss[i], rx_mgmt->frame, for (i = 0; i < iface->num_bss; i++) {
rx_mgmt->frame_len, &fi); if (ieee802_11_mgmt(iface->bss[i], rx_mgmt->frame,
rx_mgmt->frame_len, &fi) > 0)
ret = 1;
}
} else } else
ieee802_11_mgmt(hapd, rx_mgmt->frame, rx_mgmt->frame_len, &fi); ret = ieee802_11_mgmt(hapd, rx_mgmt->frame, rx_mgmt->frame_len,
&fi);
random_add_randomness(&fi, sizeof(fi)); random_add_randomness(&fi, sizeof(fi));
return ret;
} }
static void hostapd_rx_action(struct hostapd_data *hapd, static int hostapd_rx_action(struct hostapd_data *hapd,
struct rx_action *rx_action) struct rx_action *rx_action)
{ {
struct rx_mgmt rx_mgmt; struct rx_mgmt rx_mgmt;
u8 *buf; u8 *buf;
struct ieee80211_hdr *hdr; struct ieee80211_hdr *hdr;
int ret;
wpa_printf(MSG_DEBUG, "EVENT_RX_ACTION DA=" MACSTR " SA=" MACSTR wpa_printf(MSG_DEBUG, "EVENT_RX_ACTION DA=" MACSTR " SA=" MACSTR
" BSSID=" MACSTR " category=%u", " BSSID=" MACSTR " category=%u",
@ -692,7 +700,7 @@ static void hostapd_rx_action(struct hostapd_data *hapd,
buf = os_zalloc(24 + 1 + rx_action->len); buf = os_zalloc(24 + 1 + rx_action->len);
if (buf == NULL) if (buf == NULL)
return; return -1;
hdr = (struct ieee80211_hdr *) buf; hdr = (struct ieee80211_hdr *) buf;
hdr->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, hdr->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
WLAN_FC_STYPE_ACTION); WLAN_FC_STYPE_ACTION);
@ -713,8 +721,10 @@ static void hostapd_rx_action(struct hostapd_data *hapd,
os_memset(&rx_mgmt, 0, sizeof(rx_mgmt)); os_memset(&rx_mgmt, 0, sizeof(rx_mgmt));
rx_mgmt.frame = buf; rx_mgmt.frame = buf;
rx_mgmt.frame_len = 24 + 1 + rx_action->len; rx_mgmt.frame_len = 24 + 1 + rx_action->len;
hostapd_mgmt_rx(hapd, &rx_mgmt); ret = hostapd_mgmt_rx(hapd, &rx_mgmt);
os_free(buf); os_free(buf);
return ret;
} }
@ -1003,7 +1013,8 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
data->rx_action.bssid == NULL) data->rx_action.bssid == NULL)
break; break;
#ifdef NEED_AP_MLME #ifdef NEED_AP_MLME
hostapd_rx_action(hapd, &data->rx_action); if (hostapd_rx_action(hapd, &data->rx_action) > 0)
break;
#endif /* NEED_AP_MLME */ #endif /* NEED_AP_MLME */
hostapd_action_rx(hapd, &data->rx_action); hostapd_action_rx(hapd, &data->rx_action);
break; break;

View file

@ -1535,7 +1535,7 @@ static void handle_beacon(struct hostapd_data *hapd,
#ifdef CONFIG_IEEE80211W #ifdef CONFIG_IEEE80211W
static void hostapd_sa_query_action(struct hostapd_data *hapd, static int hostapd_sa_query_action(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, const struct ieee80211_mgmt *mgmt,
size_t len) size_t len)
{ {
@ -1546,12 +1546,13 @@ static void hostapd_sa_query_action(struct hostapd_data *hapd,
if (((u8 *) mgmt) + len < end) { if (((u8 *) mgmt) + len < end) {
wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
"frame (len=%lu)", (unsigned long) len); "frame (len=%lu)", (unsigned long) len);
return; return 0;
} }
ieee802_11_sa_query_action(hapd, mgmt->sa, ieee802_11_sa_query_action(hapd, mgmt->sa,
mgmt->u.action.u.sa_query_resp.action, mgmt->u.action.u.sa_query_resp.action,
mgmt->u.action.u.sa_query_resp.trans_id); mgmt->u.action.u.sa_query_resp.trans_id);
return 1;
} }
@ -1564,13 +1565,12 @@ static int robust_action_frame(u8 category)
#ifdef CONFIG_WNM #ifdef CONFIG_WNM
static void hostapd_wnm_action(struct hostapd_data *hapd, struct sta_info *sta, static int hostapd_wnm_action(struct hostapd_data *hapd, struct sta_info *sta,
const struct ieee80211_mgmt *mgmt, const struct ieee80211_mgmt *mgmt, size_t len)
size_t len)
{ {
struct rx_action action; struct rx_action action;
if (len < IEEE80211_HDRLEN + 2) if (len < IEEE80211_HDRLEN + 2)
return; return 0;
os_memset(&action, 0, sizeof(action)); os_memset(&action, 0, sizeof(action));
action.da = mgmt->da; action.da = mgmt->da;
action.sa = mgmt->sa; action.sa = mgmt->sa;
@ -1580,11 +1580,12 @@ static void hostapd_wnm_action(struct hostapd_data *hapd, struct sta_info *sta,
action.len = len - IEEE80211_HDRLEN - 1; action.len = len - IEEE80211_HDRLEN - 1;
action.freq = hapd->iface->freq; action.freq = hapd->iface->freq;
ieee802_11_rx_wnm_action_ap(hapd, &action); ieee802_11_rx_wnm_action_ap(hapd, &action);
return 1;
} }
#endif /* CONFIG_WNM */ #endif /* CONFIG_WNM */
static void handle_action(struct hostapd_data *hapd, static int handle_action(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len) const struct ieee80211_mgmt *mgmt, size_t len)
{ {
struct sta_info *sta; struct sta_info *sta;
@ -1595,7 +1596,7 @@ static void handle_action(struct hostapd_data *hapd,
HOSTAPD_LEVEL_DEBUG, HOSTAPD_LEVEL_DEBUG,
"handle_action - too short payload (len=%lu)", "handle_action - too short payload (len=%lu)",
(unsigned long) len); (unsigned long) len);
return; return 0;
} }
if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
@ -1603,7 +1604,7 @@ static void handle_action(struct hostapd_data *hapd,
wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
"frame (category=%u) from unassociated STA " MACSTR, "frame (category=%u) from unassociated STA " MACSTR,
MAC2STR(mgmt->sa), mgmt->u.action.category); MAC2STR(mgmt->sa), mgmt->u.action.category);
return; return 0;
} }
#ifdef CONFIG_IEEE80211W #ifdef CONFIG_IEEE80211W
@ -1614,7 +1615,7 @@ static void handle_action(struct hostapd_data *hapd,
HOSTAPD_LEVEL_DEBUG, HOSTAPD_LEVEL_DEBUG,
"Dropped unprotected Robust Action frame from " "Dropped unprotected Robust Action frame from "
"an MFP STA"); "an MFP STA");
return; return 0;
} }
#endif /* CONFIG_IEEE80211W */ #endif /* CONFIG_IEEE80211W */
@ -1624,20 +1625,18 @@ static void handle_action(struct hostapd_data *hapd,
if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
len - IEEE80211_HDRLEN)) len - IEEE80211_HDRLEN))
break; break;
return; return 1;
#endif /* CONFIG_IEEE80211R */ #endif /* CONFIG_IEEE80211R */
case WLAN_ACTION_WMM: case WLAN_ACTION_WMM:
hostapd_wmm_action(hapd, mgmt, len); hostapd_wmm_action(hapd, mgmt, len);
return; return 1;
#ifdef CONFIG_IEEE80211W #ifdef CONFIG_IEEE80211W
case WLAN_ACTION_SA_QUERY: case WLAN_ACTION_SA_QUERY:
hostapd_sa_query_action(hapd, mgmt, len); return hostapd_sa_query_action(hapd, mgmt, len);
return;
#endif /* CONFIG_IEEE80211W */ #endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_WNM #ifdef CONFIG_WNM
case WLAN_ACTION_WNM: case WLAN_ACTION_WNM:
hostapd_wnm_action(hapd, sta, mgmt, len); return hostapd_wnm_action(hapd, sta, mgmt, len);
return;
#endif /* CONFIG_WNM */ #endif /* CONFIG_WNM */
case WLAN_ACTION_PUBLIC: case WLAN_ACTION_PUBLIC:
if (hapd->public_action_cb) { if (hapd->public_action_cb) {
@ -1651,14 +1650,14 @@ static void handle_action(struct hostapd_data *hapd,
hapd->iface->freq); hapd->iface->freq);
} }
if (hapd->public_action_cb || hapd->public_action_cb2) if (hapd->public_action_cb || hapd->public_action_cb2)
return; return 1;
break; break;
case WLAN_ACTION_VENDOR_SPECIFIC: case WLAN_ACTION_VENDOR_SPECIFIC:
if (hapd->vendor_action_cb) { if (hapd->vendor_action_cb) {
if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
(u8 *) mgmt, len, (u8 *) mgmt, len,
hapd->iface->freq) == 0) hapd->iface->freq) == 0)
return; return 1;
} }
break; break;
} }
@ -1681,7 +1680,7 @@ static void handle_action(struct hostapd_data *hapd,
"frame back to sender"); "frame back to sender");
resp = os_malloc(len); resp = os_malloc(len);
if (resp == NULL) if (resp == NULL)
return; return 0;
os_memcpy(resp, mgmt, len); os_memcpy(resp, mgmt, len);
os_memcpy(resp->da, resp->sa, ETH_ALEN); os_memcpy(resp->da, resp->sa, ETH_ALEN);
os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
@ -1694,6 +1693,8 @@ static void handle_action(struct hostapd_data *hapd,
} }
os_free(resp); os_free(resp);
} }
return 1;
} }
@ -1710,12 +1711,13 @@ static void handle_action(struct hostapd_data *hapd,
* addition, it can be called to re-inserted pending frames (e.g., when using * addition, it can be called to re-inserted pending frames (e.g., when using
* external RADIUS server as an MAC ACL). * external RADIUS server as an MAC ACL).
*/ */
void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
struct hostapd_frame_info *fi) struct hostapd_frame_info *fi)
{ {
struct ieee80211_mgmt *mgmt; struct ieee80211_mgmt *mgmt;
int broadcast; int broadcast;
u16 fc, stype; u16 fc, stype;
int ret = 0;
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
if (hapd->ext_mgmt_frame_handling) { if (hapd->ext_mgmt_frame_handling) {
@ -1726,12 +1728,12 @@ void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-RX %s", hex); wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-RX %s", hex);
os_free(hex); os_free(hex);
} }
return; return 1;
} }
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
if (len < 24) if (len < 24)
return; return 0;
mgmt = (struct ieee80211_mgmt *) buf; mgmt = (struct ieee80211_mgmt *) buf;
fc = le_to_host16(mgmt->frame_control); fc = le_to_host16(mgmt->frame_control);
@ -1739,7 +1741,7 @@ void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
if (stype == WLAN_FC_STYPE_BEACON) { if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi); handle_beacon(hapd, mgmt, len, fi);
return; return 1;
} }
broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff &&
@ -1755,13 +1757,13 @@ void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
MAC2STR(mgmt->bssid)); MAC2STR(mgmt->bssid));
return; return 0;
} }
if (stype == WLAN_FC_STYPE_PROBE_REQ) { if (stype == WLAN_FC_STYPE_PROBE_REQ) {
handle_probe_req(hapd, mgmt, len, fi->ssi_signal); handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
return; return 1;
} }
if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
@ -1769,33 +1771,38 @@ void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
HOSTAPD_LEVEL_DEBUG, HOSTAPD_LEVEL_DEBUG,
"MGMT: DA=" MACSTR " not our address", "MGMT: DA=" MACSTR " not our address",
MAC2STR(mgmt->da)); MAC2STR(mgmt->da));
return; return 0;
} }
switch (stype) { switch (stype) {
case WLAN_FC_STYPE_AUTH: case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth"); wpa_printf(MSG_DEBUG, "mgmt::auth");
handle_auth(hapd, mgmt, len); handle_auth(hapd, mgmt, len);
ret = 1;
break; break;
case WLAN_FC_STYPE_ASSOC_REQ: case WLAN_FC_STYPE_ASSOC_REQ:
wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
handle_assoc(hapd, mgmt, len, 0); handle_assoc(hapd, mgmt, len, 0);
ret = 1;
break; break;
case WLAN_FC_STYPE_REASSOC_REQ: case WLAN_FC_STYPE_REASSOC_REQ:
wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
handle_assoc(hapd, mgmt, len, 1); handle_assoc(hapd, mgmt, len, 1);
ret = 1;
break; break;
case WLAN_FC_STYPE_DISASSOC: case WLAN_FC_STYPE_DISASSOC:
wpa_printf(MSG_DEBUG, "mgmt::disassoc"); wpa_printf(MSG_DEBUG, "mgmt::disassoc");
handle_disassoc(hapd, mgmt, len); handle_disassoc(hapd, mgmt, len);
ret = 1;
break; break;
case WLAN_FC_STYPE_DEAUTH: case WLAN_FC_STYPE_DEAUTH:
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
handle_deauth(hapd, mgmt, len); handle_deauth(hapd, mgmt, len);
ret = 1;
break; break;
case WLAN_FC_STYPE_ACTION: case WLAN_FC_STYPE_ACTION:
wpa_printf(MSG_DEBUG, "mgmt::action"); wpa_printf(MSG_DEBUG, "mgmt::action");
handle_action(hapd, mgmt, len); ret = handle_action(hapd, mgmt, len);
break; break;
default: default:
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
@ -1803,6 +1810,8 @@ void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
"unknown mgmt frame subtype %d", stype); "unknown mgmt frame subtype %d", stype);
break; break;
} }
return ret;
} }

View file

@ -15,7 +15,7 @@ struct sta_info;
struct hostapd_frame_info; struct hostapd_frame_info;
struct ieee80211_ht_capabilities; struct ieee80211_ht_capabilities;
void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
struct hostapd_frame_info *fi); struct hostapd_frame_info *fi);
void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
u16 stype, int ok); u16 stype, int ok);