Fix offchannel TX not to retransmit pending frame on callback

If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2014-06-03 15:35:01 +03:00 committed by Jouni Malinen
parent 95b6bca66d
commit d4b951f31b
2 changed files with 12 additions and 5 deletions

View file

@ -55,11 +55,12 @@ static void wpas_send_action_cb(void *eloop_ctx, void *timeout_ctx)
without_roc = wpa_s->pending_action_without_roc; without_roc = wpa_s->pending_action_without_roc;
wpa_s->pending_action_without_roc = 0; wpa_s->pending_action_without_roc = 0;
wpa_printf(MSG_DEBUG, "Off-channel: Send Action callback " wpa_printf(MSG_DEBUG,
"(without_roc=%d pending_action_tx=%p)", "Off-channel: Send Action callback (without_roc=%d pending_action_tx=%p pending_action_tx_done=%d)",
without_roc, wpa_s->pending_action_tx); without_roc, wpa_s->pending_action_tx,
!!wpa_s->pending_action_tx_done);
if (wpa_s->pending_action_tx == NULL) if (wpa_s->pending_action_tx == NULL || wpa_s->pending_action_tx_done)
return; return;
/* /*
@ -235,6 +236,7 @@ int offchannel_send_action(struct wpa_supplicant *wpa_s, unsigned int freq,
MAC2STR(wpa_s->pending_action_dst)); MAC2STR(wpa_s->pending_action_dst));
wpabuf_free(wpa_s->pending_action_tx); wpabuf_free(wpa_s->pending_action_tx);
} }
wpa_s->pending_action_tx_done = 0;
wpa_s->pending_action_tx = wpabuf_alloc(len); wpa_s->pending_action_tx = wpabuf_alloc(len);
if (wpa_s->pending_action_tx == NULL) { if (wpa_s->pending_action_tx == NULL) {
wpa_printf(MSG_DEBUG, "Off-channel: Failed to allocate Action " wpa_printf(MSG_DEBUG, "Off-channel: Failed to allocate Action "
@ -251,18 +253,22 @@ int offchannel_send_action(struct wpa_supplicant *wpa_s, unsigned int freq,
if (freq != 0 && wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) { if (freq != 0 && wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) {
struct wpa_supplicant *iface; struct wpa_supplicant *iface;
int ret;
iface = wpas_get_tx_interface(wpa_s, iface = wpas_get_tx_interface(wpa_s,
wpa_s->pending_action_src); wpa_s->pending_action_src);
wpa_s->action_tx_wait_time = wait_time; wpa_s->action_tx_wait_time = wait_time;
return wpa_drv_send_action( ret = wpa_drv_send_action(
iface, wpa_s->pending_action_freq, iface, wpa_s->pending_action_freq,
wait_time, wpa_s->pending_action_dst, wait_time, wpa_s->pending_action_dst,
wpa_s->pending_action_src, wpa_s->pending_action_bssid, wpa_s->pending_action_src, wpa_s->pending_action_bssid,
wpabuf_head(wpa_s->pending_action_tx), wpabuf_head(wpa_s->pending_action_tx),
wpabuf_len(wpa_s->pending_action_tx), wpabuf_len(wpa_s->pending_action_tx),
wpa_s->pending_action_no_cck); wpa_s->pending_action_no_cck);
if (ret == 0)
wpa_s->pending_action_tx_done = 1;
return ret;
} }
if (freq) { if (freq) {

View file

@ -654,6 +654,7 @@ struct wpa_supplicant {
unsigned int pending_action_freq; unsigned int pending_action_freq;
int pending_action_no_cck; int pending_action_no_cck;
int pending_action_without_roc; int pending_action_without_roc;
unsigned int pending_action_tx_done:1;
void (*pending_action_tx_status_cb)(struct wpa_supplicant *wpa_s, void (*pending_action_tx_status_cb)(struct wpa_supplicant *wpa_s,
unsigned int freq, const u8 *dst, unsigned int freq, const u8 *dst,
const u8 *src, const u8 *bssid, const u8 *src, const u8 *bssid,