From patchwork Tue Sep 3 00:00:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Herbert X-Patchwork-Id: 1979795 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=nb+knjUz; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=morsemicro-com.20230601.gappssmtp.com header.i=@morsemicro-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=2YgRPwzo; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WyQkh5wqdz1yfv for ; Tue, 3 Sep 2024 10:01:00 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=9g5E54iKs49H6rHekcZww9B9jhqQ1/mETT/htP+cdHY=; b=nb+knjUzdEAdac 4EkXBpeXzpxYdPmFIZMTNG+o8KXqDJ4hlMi8cNrapJFSwQBIzFnIljGnAmjqeCQ5Fc9MfOKkKSaki 4u13QW1DFdd/coTQDiWqDQe2X4ii4xlD76lNzQ7O6OWCMw5jdDFgwShMFV54WoJ53q+V5SOqOzDNF vxxgh2gMbbQK4VMESSk4syx8FbhzQi9texpH/k462/R5ZTkgOQdTz/dCJ6kQLcySxMSrKTbVLopnI +4J7iHwtuXjlVHy0VpQwfa/EyBhpPHJpqgwEgivKi3zqPJWKzaMOUJ5nRdrYOtvkGCBbCgsSbEDj3 D2vuwva5jJIw0UHlHBUg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1slGyE-0000000Fp7d-1Ir4; Tue, 03 Sep 2024 00:00:30 +0000 Received: from mail-pf1-x444.google.com ([2607:f8b0:4864:20::444]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1slGyA-0000000Fp78-3WJK for hostap@lists.infradead.org; Tue, 03 Sep 2024 00:00:28 +0000 Received: by mail-pf1-x444.google.com with SMTP id d2e1a72fcca58-7148912a1ebso2603657b3a.0 for ; Mon, 02 Sep 2024 17:00:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=morsemicro-com.20230601.gappssmtp.com; s=20230601; t=1725321625; x=1725926425; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=gtncRSbTFjKohP8pvCzX2T94iRB12W265p/CScykfAc=; b=2YgRPwzoO3glzQWLQ1WVHVb+9gyLFiByo0NKT2TrMotwSzpVlv2Vp/SmiUA90arvVx 3pzDDVKgdJSdfPZ1p1OGuLe6LO4xEitx/3IhySXxSLDFNqitkmHSTSP1eu7FoKDTj4u6 VzB/VRaOz5tYm/lM1QZQrcp/p6sHOFyrEpvuHmwW/IVXtqBJL2l36lD730FsNJD8AmbW FvoXcNfwF5grqR7kq49Rw7S46LlwAngNuO8E+90S0COgLiXj0rQp0S8O+YVL1HujES9Q Z3kf7Zr1dqXrl8mLPn8YBo6nrX6aSvtut8k1YhdMACw/qPiMwsB0U7pVm3HSqZKpF9Fy ErEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725321625; x=1725926425; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gtncRSbTFjKohP8pvCzX2T94iRB12W265p/CScykfAc=; b=KNBD0Vov6U2wC0CXEo3mz3WjIlUgOKBSdDUfRKzK6NnXK+8xth/e0aRv36T+P+6WSQ Q+jMUgxGoDx+lCVp2TDtOFU/FWaTn75mTDZRnnXXWpDe4Td/iO40VEHrjOuTK8vj6Wa7 P/QbSB3eXaZ4A8VuTWLnVDR6HyyoQmDN31so0QG25gqPv2iXI2D57hBRxT089CuJFrkJ gq4PNLS97aur9evhb3fFhDxxOyYgGH3TdJPAPxa12wfpW0neDbillq9ng7oBjz3BRRyv hAecTtwjk0Al95eXOKk33bm9f+wgH317CsUUDZEP+o7UIAvqhPWP4dNqSA9xYjyFuOkF D26Q== X-Gm-Message-State: AOJu0YxbV0SEcFHPhpvjgpDEw/a/mbKxdJnXsM1SClOU7wjl99ekzAHh LwRzuve/MjTiQu6KyX0Gvfo9fOyvHaBib/UYF1OFkhhoozchZ9DTdri/BQhN/c1+kJ+ZF+yAdk/ bFyjVdq05 X-Google-Smtp-Source: AGHT+IEekmuyTdjjvlo2sw8UKv/tq1L/l2U0mV+6yRtfQzkoY5dKsXB4YwxV6eYEkVSygkA6LEtr6w== X-Received: by 2002:a05:6a20:4388:b0:1cc:e489:292c with SMTP id adf61e73a8af0-1ced053bc04mr9760137637.38.1725321625318; Mon, 02 Sep 2024 17:00:25 -0700 (PDT) Received: from localhost.localdomain (60-242-93-14.static.tpgi.com.au. [60.242.93.14]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7d22e7423c2sm7884804a12.17.2024.09.02.17.00.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Sep 2024 17:00:24 -0700 (PDT) From: James Herbert To: hostap@lists.infradead.org Cc: James Herbert Subject: [PATCH] Use SA Query for 4-way handshake timeout Date: Tue, 3 Sep 2024 10:00:09 +1000 Message-Id: <20240903000009.632642-1-james.herbert@morsemicro.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240902_170026_951080_42D848E9 X-CRM114-Status: GOOD ( 12.20 ) X-Spam-Score: -1.9 (-) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: When an AP fails to receive message 4 of the 4-way handshake, the station has completed association but the AP has not. The AP sends an unprotected deauth frame to the station with a reason code of WL [...] Content analysis details: (-1.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:444 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 T_SCC_BODY_TEXT_LINE No description available. X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org When an AP fails to receive message 4 of the 4-way handshake, the station has completed association but the AP has not. The AP sends an unprotected deauth frame to the station with a reason code of WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT, but the station's WPA state is WPA_COMPLETED so it ignores unprotected deauth frames that do not have a reason code of WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA or WLAN_REASON_CLASS3_FRAME_FROM_NONAUTH_STA. The station becomes stuck in an invalid state. Add WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT to the list of reason codes for deauth frames that can be verified by using SA Query. Signed-off-by: James Herbert --- wpa_supplicant/sme.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index 9b083cddd..6a335b5cb 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -3497,7 +3497,8 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa, if (!ether_addr_equal(sa, wpa_s->bssid)) return; if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA && - reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA) + reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA && + reason_code != WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT) return; if (wpa_s->sme.sa_query_count > 0) return;