From 16cf438a1eca2b7206bd7ac7763637c2a87c00c6 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 24 Apr 2009 15:15:25 +0200 Subject: mac80211: fix probe response processing Due to the use of a _REQ_DIRECT_PROBE bit, which is unnecessary (and I wonder why it was done that way), an interesting situation can arise: 1) we try to probe an access point 2) the AP doesn't response in time 3) we tell userspace that we gave up 4) the AP suddenly responds 5) we auth/assoc with the AP I've seen 4) happen in testing with hostapd SIGSTOPped, and when SIGCONTinued it processes the probe requests that came in and send responses. But 5) is not supposed to happen after we tell everybody we've given up on the AP. To fix this, remove the _REQ_DIRECT_PROBE request bit, and process probe responses when we're in the relevant MLME state, namely IEEE80211_STA_MLME_DIRECT_PROBE. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/mlme.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'net/mac80211/mlme.c') diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 30a0034b9124..2ded4766d014 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -915,8 +915,6 @@ static void ieee80211_direct_probe(struct ieee80211_sub_if_data *sdata) ifmgd->state = IEEE80211_STA_MLME_DIRECT_PROBE; - set_bit(IEEE80211_STA_REQ_DIRECT_PROBE, &ifmgd->request); - /* Direct probe is sent to broadcast address as some APs * will not answer to direct packet in unassociated state. */ @@ -1738,8 +1736,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); /* direct probe may be part of the association flow */ - if (test_and_clear_bit(IEEE80211_STA_REQ_DIRECT_PROBE, - &ifmgd->request)) { + if (ifmgd->state == IEEE80211_STA_MLME_DIRECT_PROBE) { printk(KERN_DEBUG "%s direct probe responded\n", sdata->dev->name); ieee80211_authenticate(sdata); -- cgit v1.2.3