From 42be4e8353aebfc3cf73c7001101f6addf2df279 Mon Sep 17 00:00:00 2001
From: sam
Date: Wed, 6 Jul 2005 01:51:44 +0000
Subject: Fix race condition in handling node reference counts for authenticating stations in ap mode. Track when a node's first auth frame is received and use this to decide whether or not to bump the refcnt. This insures we only ever bump the refcnt once.
Reviewed by: avatar
Approved by: re (scottl)
---
 sys/net80211/ieee80211_node.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'sys/net80211/ieee80211_node.c')
diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c
index 3811f99..b085855 100644
--- a/sys/net80211/ieee80211_node.c
+++ b/sys/net80211/ieee80211_node.c
@@ -850,6 +850,13 @@ node_cleanup(struct ieee80211_node *ni)
 "[%s] power save mode off, %u sta's in ps mode\n",
 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta);
 }
+ /*
+ * Clear AREF flag that marks the authorization refcnt bump
+ * has happened. This is probably not needed as the node
+ * should always be removed from the table so not found but
+ * do it just in case.
+ */
+ ni->ni_flags &= ~IEEE80211_NODE_AREF;
 /*
 * Drain power save queue and, if needed, clear TIM.
@@ -1397,6 +1404,14 @@ restart:
 continue;
 ni->ni_scangen = gen;
 /*
+ * Ignore entries for which have yet to receive an
+ * authentication frame. These are transient and
+ * will be reclaimed when the last reference to them
+ * goes away (when frame xmits complete).
+ */
+ if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0)
+ continue;
+ /*
 * Free fragment if not needed anymore
 * (last fragment older than 1s).
 * XXX doesn't belong here
-- 
cgit v1.1
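Review bot: The added comment in node_cleanup calls AREF the "authorization refcnt bump", but the commit message and the second hunk's comment tie the flag to the first authentication frame; since 802.11 authentication and authorization are distinct states, I would reword it to `Clear AREF flag that marks the authentication refcnt bump`. The comment also does not say whether the reference the flag tracks has already been released by the time `ni->ni_flags &= ~IEEE80211_NODE_AREF;` runs. If node_cleanup can ever run on a node that stays findable in the table (the case the comment itself hedges about), clearing the flag alone would let the next auth frame take a second reference, so a sentence naming where the matching decrement happens would help. The code that sets the flag is outside this diff, and node_cleanup starts and ends outside the hunk.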
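Review bot: The new `if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) continue;` skips every node without AREF regardless of operating mode, while the commit message scopes the fix to authenticating stations in ap mode. If other modes never set the flag (the setter is not in this diff), their entries would bypass the rest of this loop body for good, including the fragment ageing just below, and a table entry that never loses its last reference would no longer be aged out. I would gate the test, e.g. `if (ic->ic_opmode == IEEE80211_M_HOSTAP && (ni->ni_flags & IEEE80211_NODE_AREF) == 0)`, assuming an `ic` pointer is in scope in this function, which starts and ends outside the hunk. The comment could also state what bounds the lifetime of such entries if a transmit completion never arrives.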