headers
michael-dev | 24 Jul 2012 20:10
Picon

[PATCH] fix wpa group rekeying

Hi,

I'm currently facing

  wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new GTK 
rekey

warnings with two STAs connected in different VLANs, but only 
wpa_group_setkeys: GKeyDoneStations=1 messages.
I can only explain this with wpa_group_update_sta being called multiple 
times per sta, as GKeyDoneStations is only incremented there and after 
each wpa_group_setkeys, the GKeyDoneStations of the driven group is 
correct (= the number of stas in the processed vlan).

Looking at wpa_auth_for_each_sta and its for_each implementation on 
wpa_auth_glue.c, I find that this code iterates over all sta and not 
just those of the given group. This can be verified by printing debug 
messages in wpa_group_update_sta giving the group vlan_id, which shows 
both vlans (of both stas) in each wpa_group_setkeys call.

Please find attached a patch that fixes this by giving the group 
pointer as callback context in wpa_group_setkeys and let 
wpa_group_update_sta skip those stas that are not in the correct group.
It works for me and fixes the wpa group keying issues seen before.

Signed-hostap: Michael Braun <michael-dev <at> fami-braun.de>

Regards,
   M. Braun
--- hostapd-20120707/src/ap/wpa_auth.c  2012-07-24 18:39:46.478606571 +0200
+++ hostapd-20120707/src/ap/wpa_auth.c  2012-07-24 18:40:42.686680840 +0200
 <at>  <at>  -2416,6 +2416,9  <at>  <at>  static void wpa_group_gtk_init(struct wp

 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
 {
+       
+       if (ctx != sm->group) return 0;
+       
        if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
                wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
                                "Not in PTKINITDONE; skip Group Key update");
 <at>  <at>  -2470,7 +2473,7  <at>  <at>  static void wpa_group_setkeys(struct wpa
                           group->GKeyDoneStations);
                group->GKeyDoneStations = 0;
        }
-       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
        wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
                   group->GKeyDoneStations);
 }


_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Permalink | Reply |

Gmane