From: Jouni Malinen <j@w1.fi>
Date: Fri, 26 Dec 2008 13:56:30 +0000 (+0200)
Subject: Added a TODO item for sending protected Disassoc after failed SA Query
X-Git-Tag: hostap_0_6_7~52
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=libeap.git;a=commitdiff_plain;h=6f5c8dbd79e17fca13fd63b08e055d5062d7b360

Added a TODO item for sending protected Disassoc after failed SA Query
---

diff --git a/hostapd/ieee802_11.c b/hostapd/ieee802_11.c
index d30bce4..904b789 100644
--- a/hostapd/ieee802_11.c
+++ b/hostapd/ieee802_11.c
@@ -1061,6 +1061,19 @@ static void handle_assoc(struct hostapd_data *hapd,
 	/* Station will be marked associated, after it acknowledges AssocResp
 	 */
 
+#ifdef CONFIG_IEEE80211W
+	if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
+		wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
+			   "SA Query procedure", reassoc ? "re" : "");
+		/* TODO: Send a protected Disassociate frame to the STA using
+		 * the old key and Reason Code "Previous Authentication no
+		 * longer valid". Make sure this is only sent protected since
+		 * unprotected frame would be received by the STA that is now
+		 * trying to associate.
+		 */
+	}
+#endif /* CONFIG_IEEE80211W */
+
 	if (reassoc) {
 		os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap,
 			  ETH_ALEN);