commit efe08faa6feb105baa6121ba3c7e081a6e8a8ddd
author Sushant Kaushik <skaushik@qti.qualcomm.com> Mon Jul 06 14:54:09 2015 +0530
committer Satyanarayana Dash <sadash@codeaurora.org> Wed Jul 08 18:53:08 2015 +0530
tree 6e6af56617fc9fdc84f4ba527ed104c73efc4b44
parent a7ef41dc0b562fe1eb9406cadc125bd0fefa0028

wlan: Limit the Deauth Frames sent by AP to STA

Currently when Scan is ongoing and Deauth is sent by AP to STA,
LIM post the DEAUTH IND message to CSR.Because of scan, FW keeps
on sending the NULL frame and AP sends the DEAUTH frame in
response to this NULL frame.This results in flood of DEAUTH frame
and PE message queue always have this DEAUTH frames because of which
CSR is not able to get chance to process the DEAUTH indication.

As a part of fix deauth frames RX are limited  and for PMF
unproctected frames only frames with time difference of 1 sec
are passed to Lim.

Change-Id: I8843f0806938be6194361b4c569845e4a735a76e
CRs-Fixed: 864583

CORE/MAC/src/pe/lim/limApi.c

diff --git a/CORE/MAC/src/pe/lim/limApi.c b/CORE/MAC/src/pe/lim/limApi.c
index f4f1572..dcc8f82 100644
--- a/CORE/MAC/src/pe/lim/limApi.c
+++ b/CORE/MAC/src/pe/lim/limApi.c
@@ -2251,7 +2251,76 @@
     return;
 }
 
+/** ----------------------------------------------------------------------
+ *\brief limIsDeauthDiassocForDrop()..decides to drop deauth\diassoc frames.
+ *This function is called before enqueuing the frame to PE queue.
+ *This prevents deauth/diassoc frames getting into PE Queue.
 
+------------------------------------------------------------------------ */
+
+
+boolean limIsDeauthDiassocForDrop(tpAniSirGlobal pMac,
+                                          tANI_U8 *pRxPacketInfo)
+{
+    tANI_U8         sessionId;
+    tANI_U16          aid;
+    tpPESession     psessionEntry;
+    tpSirMacMgmtHdr pMacHdr;
+    tpDphHashNode     pStaDs;
+
+    pMacHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
+    psessionEntry = peFindSessionByBssid(pMac,pMacHdr->bssId,&sessionId);
+    if (!psessionEntry)
+    {
+        PELOG1(sysLog(pMac, LOG1,
+               FL("session does not exist for given STA [%pM]"),
+                  pMacHdr->sa););
+        return TRUE;
+    }
+    pStaDs = dphLookupHashEntry(pMac, pMacHdr->sa, &aid,
+                               &psessionEntry->dph.dphHashTable);
+    if (!pStaDs)
+    {
+        PELOG1(sysLog(pMac, LOG1,FL("pStaDs is NULL")););
+        return TRUE;
+    }
+#ifdef WLAN_FEATURE_11W
+    if (psessionEntry->limRmfEnabled)
+    {
+        if ((WDA_GET_RX_DPU_FEEDBACK(pRxPacketInfo) &
+                               DPU_FEEDBACK_UNPROTECTED_ERROR))
+        {
+            /* It may be possible that deauth/diassoc frames from a spoofy
+             * AP is received. So if all further deauth/diassoc frmaes are
+             * dropped, then it may result in lossing deauth/diassoc frames
+             * from genuine AP. So process all deauth/diassoc frames with
+             * a time difference of 1 sec.
+             */
+            if (vos_timer_get_system_time() - pStaDs->last_unprot_deauth_disassoc < 1000)
+                return TRUE;
+            pStaDs->last_unprot_deauth_disassoc =
+                              vos_timer_get_system_time();
+        }
+/* PMF enabed, Management frames are protected */
+        else
+        {
+            if (pStaDs->proct_deauh_disassoc_cnt)
+                return TRUE;
+            else
+                pStaDs->proct_deauh_disassoc_cnt++;
+        }
+    }
+    else
+#endif
+/* PMF disabled */
+    {
+        if (pStaDs->isDisassocDeauthInProgress)
+            return TRUE;
+         else
+            pStaDs->isDisassocDeauthInProgress++;
+    }
+    return FALSE;
+}
 /** -----------------------------------------------------------------
   \brief limIsPktCandidateForDrop() - decides whether to drop the frame or not