rpms/wpa_supplicant/devel wpa_supplicant-0.6.9-eapol-race-fix.patch, NONE, 1.1 wpa_supplicant-0.6.9-scan-faster.patch, NONE, 1.1 wpa_supplicant-0.5.10-dbus-service-file.patch, 1.1, 1.2 wpa_supplicant.spec, 1.61, 1.62 wpa_supplicant.sysconfig, 1.5, 1.6

Daniel Williams dcbw at fedoraproject.org
Sun Nov 29 23:46:04 UTC 2009


Author: dcbw

Update of /cvs/extras/rpms/wpa_supplicant/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18285

Modified Files:
	wpa_supplicant-0.5.10-dbus-service-file.patch 
	wpa_supplicant.spec wpa_supplicant.sysconfig 
Added Files:
	wpa_supplicant-0.6.9-eapol-race-fix.patch 
	wpa_supplicant-0.6.9-scan-faster.patch 
Log Message:
* Sun Nov 29 2009 Dan Williams <dcbw at redhat.com> - 1:0.6.8-7
- Fix supplicant initscript return value (rh #521807)
- Fix race when connecting to WPA-Enterprise/802.1x-enabled access points (rh #508509)
- Don't double-scan when attempting to associate



wpa_supplicant-0.6.9-eapol-race-fix.patch:
 events.c           |   19 +++++++++++++++++++
 wpa_supplicant.c   |   24 ++++++++++++++++++++++++
 wpa_supplicant_i.h |    4 ++++
 3 files changed, 47 insertions(+)

--- NEW FILE wpa_supplicant-0.6.9-eapol-race-fix.patch ---
From: Jouni Malinen <jouni.malinen at atheros.com>
Date: Fri, 4 Sep 2009 15:04:41 +0000 (+0300)
Subject: Delay processing of EAPOL frames when not associated
X-Git-Url: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff_plain;h=1ff733383f3d5c73233ef452a738765667021609

Delay processing of EAPOL frames when not associated

If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.

The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
---

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index e5e799d..2ea9279 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -943,6 +943,25 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
 		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
 	}
+
+	if (wpa_s->pending_eapol_rx) {
+		struct os_time now, age;
+		os_get_time(&now);
+		os_time_sub(&now, &wpa_s->pending_eapol_rx_time, &age);
+		if (age.sec == 0 && age.usec < 100000 &&
+		    os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) ==
+		    0) {
+			wpa_printf(MSG_DEBUG, "Process pending EAPOL frame "
+				   "that was received just before association "
+				   "notification");
+			wpa_supplicant_rx_eapol(
+				wpa_s, wpa_s->pending_eapol_rx_src,
+				wpabuf_head(wpa_s->pending_eapol_rx),
+				wpabuf_len(wpa_s->pending_eapol_rx));
+		}
+		wpabuf_free(wpa_s->pending_eapol_rx);
+		wpa_s->pending_eapol_rx = NULL;
+	}
 }
 
 
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index d03e9da..c68dd82 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -405,6 +405,9 @@ static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
 	ieee80211_sta_deinit(wpa_s);
 
 	wpas_wps_deinit(wpa_s);
+
+	wpabuf_free(wpa_s->pending_eapol_rx);
+	wpa_s->pending_eapol_rx = NULL;
 }
 
 
@@ -1574,6 +1577,27 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
 	wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
 
+	if (wpa_s->wpa_state < WPA_ASSOCIATED) {
+		/*
+		 * There is possible race condition between receiving the
+		 * association event and the EAPOL frame since they are coming
+		 * through different paths from the driver. In order to avoid
+		 * issues in trying to process the EAPOL frame before receiving
+		 * association information, lets queue it for processing until
+		 * the association event is received.
+		 */
+		wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
+			   "received EAPOL frame");
+		wpabuf_free(wpa_s->pending_eapol_rx);
+		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
+		if (wpa_s->pending_eapol_rx) {
+			os_get_time(&wpa_s->pending_eapol_rx_time);
+			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
+				  ETH_ALEN);
+		}
+		return;
+	}
+
 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
 		wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
 			   "no key management is configured");
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 63984d8..e814f86 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -364,6 +364,10 @@ struct wpa_supplicant {
 	int wps_success; /* WPS success event received */
 	int blacklist_cleared;
 
+	struct wpabuf *pending_eapol_rx;
+	struct os_time pending_eapol_rx_time;
+	u8 pending_eapol_rx_src[ETH_ALEN];
+
 	int disconnect_count;
 };
 


wpa_supplicant-0.6.9-scan-faster.patch:
 ctrl_iface.c               |   20 +++++-
 ctrl_iface_dbus_handlers.c |   20 +++++-
 events.c                   |  144 +++++++++++++++++++++++++--------------------
 wpa_supplicant_i.h         |    3 
 4 files changed, 120 insertions(+), 67 deletions(-)

--- NEW FILE wpa_supplicant-0.6.9-scan-faster.patch ---
diff -up wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface.c.scan-faster wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface.c
--- wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface.c.scan-faster	2009-02-15 10:00:00.000000000 -0800
+++ wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface.c	2009-11-29 13:35:44.517283679 -0800
@@ -733,8 +733,9 @@ static int wpa_supplicant_ctrl_iface_sca
 static int wpa_supplicant_ctrl_iface_select_network(
 	struct wpa_supplicant *wpa_s, char *cmd)
 {
-	int id;
+	int id, timeout, do_scan = 1;
 	struct wpa_ssid *ssid;
+	struct os_time now;
 
 	/* cmd: "<network id>" or "any" */
 	if (os_strcmp(cmd, "any") == 0) {
@@ -745,7 +746,22 @@ static int wpa_supplicant_ctrl_iface_sel
 			ssid = ssid->next;
 		}
 		wpa_s->reassociate = 1;
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
+
+		/* Just associate and don't request a scan if the latest
+		 * scan results are less than 10 seconds old.
+		 */
+		if (os_get_time(&now) == 0) {
+			now.sec -= 10;
+			if (os_time_before(&now, &(wpa_s->last_scan))) {
+				if (wpa_supplicant_select_bss_and_associate (
+						wpa_s, &timeout) >= 0) {
+					do_scan = 0;
+				}
+			}
+		}
+
+		if (do_scan)
+			wpa_supplicant_req_scan(wpa_s, 0, 0);
 		return 0;
 	}
 
diff -up wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface_dbus_handlers.c.scan-faster wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface_dbus_handlers.c
--- wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface_dbus_handlers.c.scan-faster	2009-11-29 13:35:44.511309733 -0800
+++ wpa_supplicant-0.6.8/wpa_supplicant/ctrl_iface_dbus_handlers.c	2009-11-29 13:35:44.518283666 -0800
@@ -1073,7 +1073,8 @@ DBusMessage * wpas_dbus_iface_select_net
 		wpa_supplicant_req_scan(wpa_s, 0, 0);
 	} else {
 		const char *obj_path;
-		int nid;
+		int nid, timeout, do_scan = 1;
+		struct os_time now;
 
 		if (!dbus_message_get_args(message, NULL,
 					   DBUS_TYPE_OBJECT_PATH, &op,
@@ -1124,7 +1125,22 @@ DBusMessage * wpas_dbus_iface_select_net
 		}
 		wpa_s->disconnected = 0;
 		wpa_s->reassociate = 1;
-		wpa_supplicant_req_scan(wpa_s, 0, 0);
+
+		/* Just associate and don't request a scan if the latest
+		 * scan results are less than 10 seconds old.
+		 */
+		if (os_get_time(&now) == 0) {
+			now.sec -= 10;
+			if (os_time_before(&now, &(wpa_s->last_scan))) {
+				if (wpa_supplicant_select_bss_and_associate (
+						wpa_s, &timeout) >= 0) {
+					do_scan = 0;
+				}
+			}
+		}
+
+		if (do_scan)
+			wpa_supplicant_req_scan(wpa_s, 0, 0);
 	}
 
 	reply = wpas_dbus_new_success_reply(message);
diff -up wpa_supplicant-0.6.8/wpa_supplicant/events.c.scan-faster wpa_supplicant-0.6.8/wpa_supplicant/events.c
--- wpa_supplicant-0.6.8/wpa_supplicant/events.c.scan-faster	2009-11-29 13:35:44.512309091 -0800
+++ wpa_supplicant-0.6.8/wpa_supplicant/events.c	2009-11-29 13:47:07.789286282 -0800
@@ -683,43 +683,17 @@ wpa_supplicant_select_bss(struct wpa_sup
 }
 
 
-static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s)
-{
-	int prio, timeout;
-	struct wpa_scan_res *selected = NULL;
-	struct wpa_ssid *ssid = NULL;
+/* Returns 0 on success; -1 when no BSS has been selected */
+int
+wpa_supplicant_select_bss_and_associate (struct wpa_supplicant *wpa_s,
+					 int *out_timeout)
+ {
+ 	struct wpa_scan_res *selected = NULL;
+ 	struct wpa_ssid *ssid = NULL;
+	int prio;
 	int qual = 0, max_qual = 0, qual_valid = 0, bssid_valid = 0, i;
 	struct cur_ap cur;
 
-	wpa_supplicant_notify_scanning(wpa_s, 0);
-
-	if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
-		if (wpa_s->conf->ap_scan == 2)
-			return;
-		wpa_printf(MSG_DEBUG, "Failed to get scan results - try "
-			   "scanning again");
-		timeout = 1;
-		goto req_scan;
-	}
-
-	/*
-	 * Don't post the results if this was the initial cached
-	 * and there were no results.
-	 */
-	if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1 &&
-	    wpa_s->scan_res->num == 0) {
-		wpa_msg(wpa_s, MSG_DEBUG, "Cached scan results are "
-			"empty - not posting");
-	} else {
-		wpa_msg(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
-		wpa_supplicant_dbus_notify_scan_results(wpa_s);
-		wpas_wps_notify_scan_results(wpa_s);
-	}
-
-	if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)) ||
-	    wpa_s->disconnected)
-		return;
-
 	/* Get current driver BSSID and signal strength */
 	os_memset(&cur, 0, sizeof(cur));
 
@@ -772,40 +746,84 @@ static void wpa_supplicant_event_scan_re
 		}
 	}
 
-	if (selected) {
-		if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
-			wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
-				"PBC session overlap");
-			timeout = 10;
-			goto req_scan;
-		}
-
-		/* Do not trigger new association unless the BSSID has changed
-		 * or if reassociation is requested. If we are in process of
-		 * associating with the selected BSSID, do not trigger new
-		 * attempt. */
-		if (wpa_s->reassociate ||
-		    (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
-		     (wpa_s->wpa_state != WPA_ASSOCIATING ||
-		      os_memcmp(selected->bssid, wpa_s->pending_bssid,
-				ETH_ALEN) != 0))) {
-			if (wpa_supplicant_scard_init(wpa_s, ssid)) {
-				wpa_supplicant_req_scan(wpa_s, 10, 0);
-				return;
-			}
-			wpa_supplicant_associate(wpa_s, selected, ssid);
-		} else {
-			wpa_printf(MSG_DEBUG, "Already associated with the "
-				   "selected AP.");
+	if (!selected) {
+		*out_timeout = 5;
+		return -1;
+	}
+
+	if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
+		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
+			"PBC session overlap");
+		*out_timeout = 10;
+		return -1;
+	}
+
+	/* Do not trigger new association unless the BSSID has changed
+	 * or if reassociation is requested. If we are in process of
+	 * associating with the selected BSSID, do not trigger new
+	 * attempt. */
+	if (wpa_s->reassociate ||
+	    (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
+	     (wpa_s->wpa_state != WPA_ASSOCIATING ||
+	      os_memcmp(selected->bssid, wpa_s->pending_bssid,
+			ETH_ALEN) != 0))) {
+		if (wpa_supplicant_scard_init(wpa_s, ssid)) {
+			*out_timeout = 10;
+			return -1;
 		}
-		rsn_preauth_scan_results(wpa_s->wpa, wpa_s->scan_res);
+		wpa_supplicant_associate(wpa_s, selected, ssid);
 	} else {
-		wpa_printf(MSG_DEBUG, "No suitable AP found.");
-		timeout = 5;
+		wpa_printf(MSG_DEBUG, "Already associated with the "
+			   "selected AP.");
+	}
+
+	return 0;
+}
+
+static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s)
+{
+	int timeout;
+
+	wpa_supplicant_notify_scanning(wpa_s, 0);
+
+	if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
+		if (wpa_s->conf->ap_scan == 2)
+			return;
+		wpa_printf(MSG_DEBUG, "Failed to get scan results - try "
+			   "scanning again");
+		timeout = 1;
 		goto req_scan;
 	}
 
-	return;
+	/*
+	 * Don't post the results if this was the initial cached
+	 * and there were no results.
+	 */
+	if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1 &&
+	    wpa_s->scan_res->num == 0) {
+		wpa_msg(wpa_s, MSG_DEBUG, "Cached scan results are "
+			"empty - not posting");
+	} else {
+		wpa_msg(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
+		wpa_supplicant_dbus_notify_scan_results(wpa_s);
+		wpas_wps_notify_scan_results(wpa_s);
+	}
+
+	/* Update scan timestamp if there are any scan results */
+	if (wpa_s->scan_res->num > 0)
+		os_get_time(&(wpa_s->last_scan));
+
+	if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)) ||
+	    wpa_s->disconnected)
+		return;
+
+	/* Find a BSS and kick off an association with it */
+	if (wpa_supplicant_select_bss_and_associate(wpa_s, &timeout) == 0) {
+		rsn_preauth_scan_results(wpa_s->wpa, wpa_s->scan_res);
+		return;
+	} else {
+		wpa_printf(MSG_DEBUG, "No suitable AP found.");
+	}
 
 req_scan:
 	if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1) {
diff -up wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant_i.h.scan-faster wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant_i.h
--- wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant_i.h.scan-faster	2009-11-29 13:35:44.514283924 -0800
+++ wpa_supplicant-0.6.8/wpa_supplicant/wpa_supplicant_i.h	2009-11-29 13:35:44.520285108 -0800
@@ -347,6 +347,7 @@ struct wpa_supplicant {
 			     * to speed up the first association if the driver
 			     * has already available scan results. */
 	int scan_runs; /* number of scan runs since WPS was started */
+	struct os_time last_scan; /* timestamp of last scan results */
 
 	struct wpa_client_mlme mlme;
 	int use_client_mlme;
@@ -415,6 +416,8 @@ void wpa_supplicant_notify_scanning(stru
 
 /* events.c */
 void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
+int wpa_supplicant_select_bss_and_associate (struct wpa_supplicant *wpa_s,
+					     int *out_timeout);
 
 /* driver_ops */
 static inline void * wpa_drv_init(struct wpa_supplicant *wpa_s,

wpa_supplicant-0.5.10-dbus-service-file.patch:
 dbus-wpa_supplicant.service |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: wpa_supplicant-0.5.10-dbus-service-file.patch
===================================================================
RCS file: /cvs/extras/rpms/wpa_supplicant/devel/wpa_supplicant-0.5.10-dbus-service-file.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- wpa_supplicant-0.5.10-dbus-service-file.patch	3 Mar 2008 17:20:11 -0000	1.1
+++ wpa_supplicant-0.5.10-dbus-service-file.patch	29 Nov 2009 23:46:03 -0000	1.2
@@ -5,5 +5,5 @@ diff -up wpa_supplicant-0.6.3/wpa_suppli
  [D-BUS Service]
  Name=fi.epitest.hostap.WPASupplicant
 -Exec=/sbin/wpa_supplicant -u
-+Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f /var/log/wpa_supplicant.log
++Exec=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -B -u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid
  User=root


Index: wpa_supplicant.spec
===================================================================
RCS file: /cvs/extras/rpms/wpa_supplicant/devel/wpa_supplicant.spec,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -p -r1.61 -r1.62
--- wpa_supplicant.spec	21 Aug 2009 16:28:10 -0000	1.61
+++ wpa_supplicant.spec	29 Nov 2009 23:46:04 -0000	1.62
@@ -2,7 +2,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 0.6.8
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: BSD
 Group: System Environment/Base
 Source0: http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz
@@ -22,6 +22,8 @@ Patch7: wpa_supplicant-0.6.8-disconnect-
 Patch8: wpa_supplicant-0.6.8-handle-driver-disconnect-spam.patch
 Patch9: wpa_supplicant-0.6.8-ap-stability.patch
 Patch10: wpa_supplicant-0.6.8-scanning-property.patch
+Patch11: wpa_supplicant-0.6.9-scan-faster.patch
+Patch12: wpa_supplicant-0.6.9-eapol-race-fix.patch
 
 URL: http://w1.fi/wpa_supplicant/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -59,6 +61,8 @@ Graphical User Interface for wpa_supplic
 %patch8 -p1 -b .disconnect-spam
 %patch9 -p1 -b .ap-stability
 %patch10 -p1 -b .scanning-property
+%patch11 -p1 -b .scan-faster
+%patch12 -p1 -b .eapol-race-fix
 
 %build
 pushd wpa_supplicant
@@ -149,6 +153,11 @@ fi
 %{_bindir}/wpa_gui
 
 %changelog
+* Sun Nov 29 2009 Dan Williams <dcbw at redhat.com> - 1:0.6.8-7
+- Fix supplicant initscript return value (rh #521807)
+- Fix race when connecting to WPA-Enterprise/802.1x-enabled access points (rh #508509)
+- Don't double-scan when attempting to associate
+
 * Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 1:0.6.8-6
 - rebuilt with new openssl
 


Index: wpa_supplicant.sysconfig
===================================================================
RCS file: /cvs/extras/rpms/wpa_supplicant/devel/wpa_supplicant.sysconfig,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- wpa_supplicant.sysconfig	8 Mar 2008 20:09:35 -0000	1.5
+++ wpa_supplicant.sysconfig	29 Nov 2009 23:46:04 -0000	1.6
@@ -9,4 +9,8 @@ DRIVERS=""
 # Other arguments
 #   -u   Enable the D-Bus interface (required for use with NetworkManager)
 #   -f   Log to /var/log/wpa_supplicant.log
-OTHER_ARGS="-u -f /var/log/wpa_supplicant.log"
+#   -P   Write pid file to /var/run/wpa_supplicant.pid 
+#        required to return proper codes by init scripts (e.g. double "start" action)
+#        -B to daemonize that has to be used together with -P is already in wpa_supplicant.init.d
+OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"
+




More information about the fedora-extras-commits mailing list