diff options
| author | sam <sam@FreeBSD.org> | 2005-08-06 04:56:49 +0000 |
|---|---|---|
| committer | sam <sam@FreeBSD.org> | 2005-08-06 04:56:49 +0000 |
| commit | 820d1d2e7cf485305dc12b55b60e9cf4588ddcd8 (patch) | |
| tree | 3b57c38c8b30eb0f5f43845321a51d8b2b5ae9f8 /sys/net80211/ieee80211_node.c | |
| parent | 82b622da6cd66aa1b7defd0cd1597bfca51d6aa3 (diff) | |
| download | FreeBSD-src-820d1d2e7cf485305dc12b55b60e9cf4588ddcd8.zip FreeBSD-src-820d1d2e7cf485305dc12b55b60e9cf4588ddcd8.tar.gz | |
Fix handling of frames sent prior to a station being authorized
when operating in ap mode. Previously we allocated a node from the
station table, sent the frame (using the node), then released the
reference that "held the frame in the table". But while the frame
was in flight the node might be reclaimed which could lead to
problems. The solution is to add an ieee80211_tmp_node routine
that crafts a node that does exist in a table and so isn't ever
reclaimed; it exists only so long as the associated frame is in flight.
MFC after: 5 days
Diffstat (limited to 'sys/net80211/ieee80211_node.c')
| -rw-r--r-- | sys/net80211/ieee80211_node.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c index 72884f0..12ff342 100644 --- a/sys/net80211/ieee80211_node.c +++ b/sys/net80211/ieee80211_node.c @@ -947,6 +947,42 @@ ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) return ni; } +/* + * Craft a temporary node suitable for sending a management frame + * to the specified station. We craft only as much state as we + * need to do the work since the node will be immediately reclaimed + * once the send completes. + */ +struct ieee80211_node * +ieee80211_tmp_node(struct ieee80211com *ic, const u_int8_t *macaddr) +{ + struct ieee80211_node *ni; + + ni = ic->ic_node_alloc(&ic->ic_sta); + if (ni != NULL) { + IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, + "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); + + IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); + IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); + ieee80211_node_initref(ni); /* mark referenced */ + ni->ni_txpower = ic->ic_bss->ni_txpower; + /* NB: required by ieee80211_fix_rate */ + ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); + ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, + IEEE80211_KEYIX_NONE); + /* XXX optimize away */ + IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); + + ni->ni_table = NULL; /* NB: pedantic */ + ni->ni_ic = ic; + } else { + /* XXX msg */ + ic->ic_stats.is_rx_nodealloc++; + } + return ni; +} + struct ieee80211_node * ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) { |
