[PATCH] Ignore "DEAUTH" messages from APs we are not associated to

Paul Stewart pstew at google.com
Wed Aug 4 15:08:55 EDT 2010


It depends on what effect you're looking for. :-)  This function sets
drv->associated to 0, meaning that before the patch, if we receive a DEAUTH
frame from anyone, we become disassociated from everyone.  This
includes the current SSID association, the previous one, wherever we
have pre-associated to as well as any random host that sends us a
deauth.  If you look at the implementation of wpa_supplicant_event()
in wpa_priv.c you'll also see that the bssid is disregarded there as
well for EVENT_DISASSOC.  I think bumping ourselves offline
should only happen if we were deauthed/disassociated from the AP that
we're currently online through.

--
Paul

On Tue, Aug 3, 2010 at 10:37 PM, Dan Williams <dcbw at redhat.com> wrote:
> On Fri, 2010-07-30 at 11:52 -0700, Paul Stewart wrote:
>> DEAUTH messages can come from a number of different sources. The one
>> that's hurting us currently is DEAUTH netlink messages coming to us
>> from compat-wireless in response to local_state_change DEAUTH messages
>> we sent as a part of cleaning up state in driver_nl80211's
>> clear_state_mismatch() function. However, DEAUTH messages can come
>> from a variety of unwanted sources, including directed denial-of-service
>> attacks (although MAC verification doesn't place that high a barrier),
>> so this validation is actually generically useful, I think.
>>
>> The downside to this method is that without a kernel based approach
>> "iw dev wlan0 link" no longer works correctly after clear_state_mismatch()
>> is done.  This will be pursued with the kernel folks.
>
> Does this patch have any effect on APs that we may have
> pre-authenticated to that decide to drop us for some reason?  I have no
> idea, but just a thought.
>
> Dan
>
>>
>>
>> diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
>> index a1233274cadf2262bcbcc181be01974217bd3394..d13f3138d310843df8cc05db81837af2f840e7e4
>> 100644
>> --- a/src/drivers/driver_nl80211.c
>> +++ b/src/drivers/driver_nl80211.c
>> @@ -702,12 +702,28 @@ static void mlme_event_deauth_disassoc(struct
>> wpa_driver_nl80211_data *drv,
>>       const u8 *bssid = NULL;
>>       u16 reason_code = 0;
>>
>> +     mgmt = (const struct ieee80211_mgmt *) frame;
>> +     if (len >= 24) {
>> +             bssid = mgmt->bssid;
>> +
>> +             if (drv->associated != 0 &&
>> +                 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
>> +                 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
>> +                     /*
>> +                      * We have presumably received this deauth as a
>> +                      * response to a clear_state_mismatch() outgoing
>> +                      * deauth.  Don't let it take us offline!
>> +                      */
>> +                     wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
>> +                                "from Unknown BSSID " MACSTR " -- ignoring",
>> +                                MAC2STR(bssid));
>> +                     return;
>> +             }
>> +     }
>> +
>>       drv->associated = 0;
>>       os_memset(&event, 0, sizeof(event));
>>
>> -     mgmt = (const struct ieee80211_mgmt *) frame;
>> -     if (len >= 24)
>> -             bssid = mgmt->bssid;
>>       /* Note: Same offset for Reason Code in both frame subtypes */
>>       if (len >= 24 + sizeof(mgmt->u.deauth))
>>               reason_code = le_to_host16(mgmt->u.deauth.reason_code);
>>
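Review bot: The BSSID filter only runs inside `if (len >= 24)`, so a frame shorter than 24 bytes skips the comparison and still falls through to `drv->associated = 0` with `bssid` left NULL; a truncated deauth or disassoc frame would still take the interface offline. Consider returning early when `len < 24`, before the state is cleared, so that a frame whose sender cannot be checked is never acted on. The comment also attributes every mismatching frame to the clear_state_mismatch() echo, while the same branch drops any frame whose BSSID matches neither `drv->bssid` nor `drv->auth_bssid`; wording it as a general "not from our current AP" filter would match what the code does. Since the test is skipped whenever `drv->associated` is 0, the comment should also say that the unassociated path is intentionally left unchanged.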
>> --
>> Paul