[PATCH v2 1/3] netdev: better handle associate timeouts with auth_protos

[PATCH v2 1/3] netdev: better handle associate timeouts with auth_protos

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1313 bytes --]

Any auth proto which did not implement the assoc_timeout handler
could end up getting 'stuck' forever if there was an associate
timeout. This is because in the event of an associate timeout IWD
only sets a few flags and relies on the connect event to actually
handle the failure. The problem is a connect event never comes
if the failure was a timeout.

To fix this we can explicitly fail the connection if the auth
proto has not implemented assoc_timeout or if it returns false.
---
 src/netdev.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

v2:
 * Moved the failure into the actual timeout case as the
   connect event *does* come unless there was a timeout

diff --git a/src/netdev.c b/src/netdev.c
index 8d3f4a08..fcbb7d88 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -2280,7 +2280,15 @@ static void netdev_associate_event(struct l_genl_msg *msg,
 			if (auth_proto_assoc_timeout(netdev->ap))
 				return;
 
-			goto assoc_failed;
+			/*
+			 * There will be no connect event when Associate times
+			 * out. The failed connection must be explicitly
+			 * initiated here.
+			 */
+			netdev_connect_failed(netdev,
+					NETDEV_RESULT_ASSOCIATION_FAILED,
+					status_code);
+			return;
 
 		case NL80211_ATTR_FRAME:
 			frame = data;
-- 
2.26.2

[PATCH v2 2/3] sae: add counter for associate retries

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1865 bytes --]

If there is an associate timeout, retry a few times in case
it was just a fluke. At this point SAE is fully negotiated
so it makes sense to attempt to save the connection.
---
 src/sae.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/sae.c b/src/sae.c
index ade5e24c..b6cc0b15 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -37,6 +37,7 @@
 
 #define SAE_RETRANSMIT_TIMEOUT	2
 #define SAE_SYNC_MAX		3
+#define SAE_MAX_ASSOC_RETRY	3
 
 enum sae_state {
 	SAE_STATE_NOTHING = 0,
@@ -73,6 +74,7 @@ struct sae_sm {
 	uint16_t rc;
 	/* remote peer */
 	uint8_t peer[6];
+	uint8_t assoc_retry;
 
 	sae_tx_authenticate_func_t tx_auth;
 	sae_tx_associate_func_t tx_assoc;
@@ -670,7 +672,7 @@ static bool sae_send_commit(struct sae_sm *sm, bool retry)
 	return true;
 }
 
-static bool sae_timeout(struct auth_proto *ap)
+static bool sae_auth_timeout(struct auth_proto *ap)
 {
 	struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);
 
@@ -699,6 +701,20 @@ static bool sae_timeout(struct auth_proto *ap)
 	return true;
 }
 
+static bool sae_assoc_timeout(struct auth_proto *ap)
+{
+	struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);
+
+	if (sm->assoc_retry >= SAE_MAX_ASSOC_RETRY)
+		return false;
+
+	sm->assoc_retry++;
+
+	sm->tx_assoc(sm->user_data);
+
+	return true;
+}
+
 /*
  * 802.11-2016 - Section 12.4.8.6.4
  * If the Status code is ANTI_CLOGGING_TOKEN_REQUIRED, a new SAE Commit message
@@ -1178,7 +1194,8 @@ struct auth_proto *sae_sm_new(struct handshake_state *hs,
 	sm->ap.free = sae_free;
 	sm->ap.rx_authenticate = sae_rx_authenticate;
 	sm->ap.rx_associate = sae_rx_associate;
-	sm->ap.auth_timeout = sae_timeout;
+	sm->ap.auth_timeout = sae_auth_timeout;
+	sm->ap.assoc_timeout = sae_assoc_timeout;
 
 	return &sm->ap;
 }
-- 
2.26.2

[PATCH v2 3/3] netdev: remove unneeded goto/return code

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 632 bytes --]

All possible paths led to the same result so it was
simplified to remove two goto's and a return call.
---
 src/netdev.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index fcbb7d88..914f6479 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -2234,12 +2234,7 @@ static void netdev_authenticate_event(struct l_genl_msg *msg,
 			return;
 		else if (ret > 0)
 			status_code = (uint16_t)ret;
-
-		goto auth_error;
-	} else
-		goto auth_error;
-
-	return;
+	}
 
 auth_error:
 	netdev_connect_failed(netdev, NETDEV_RESULT_AUTHENTICATION_FAILED,
-- 
2.26.2

Re: [PATCH v2 1/3] netdev: better handle associate timeouts with auth_protos

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 833 bytes --]

Hi James,

On 3/29/21 3:43 PM, James Prestwood wrote:
> Any auth proto which did not implement the assoc_timeout handler
> could end up getting 'stuck' forever if there was an associate
> timeout. This is because in the event of an associate timeout IWD
> only sets a few flags and relies on the connect event to actually
> handle the failure. The problem is a connect event never comes
> if the failure was a timeout.
> 
> To fix this we can explicitly fail the connection if the auth
> proto has not implemented assoc_timeout or if it returns false.
> ---
>   src/netdev.c | 10 +++++++++-
>   1 file changed, 9 insertions(+), 1 deletion(-)
> 
> v2:
>   * Moved the failure into the actual timeout case as the
>     connect event *does* come unless there was a timeout
> 

Applied, thanks.

Regards,
-Denis