Patchwork fix wpa group rekeying

mail settings
Date July 24, 2012, 6:10 p.m.
Message ID <>
Download mbox | patch
Permalink /patch/172993/
State Superseded
Headers show

Comments - July 24, 2012, 6:10 p.m.

I'm currently facing

  wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new GTK 

warnings with two STAs connected in different VLANs, but only 
wpa_group_setkeys: GKeyDoneStations=1 messages.
I can only explain this with wpa_group_update_sta being called multiple 
times per sta, as GKeyDoneStations is only incremented there and after 
each wpa_group_setkeys, the GKeyDoneStations of the driven group is 
correct (= the number of stas in the processed vlan).

Looking at wpa_auth_for_each_sta and its for_each implementation on 
wpa_auth_glue.c, I find that this code iterates over all sta and not 
just those of the given group. This can be verified by printing debug 
messages in wpa_group_update_sta giving the group vlan_id, which shows 
both vlans (of both stas) in each wpa_group_setkeys call.

Please find attached a patch that fixes this by giving the group 
pointer as callback context in wpa_group_setkeys and let 
wpa_group_update_sta skip those stas that are not in the correct group.
It works for me and fixes the wpa group keying issues seen before.

Signed-hostap: Michael Braun <>

   M. Braun


--- hostapd-20120707/src/ap/wpa_auth.c  2012-07-24 18:39:46.478606571 +0200
+++ hostapd-20120707/src/ap/wpa_auth.c  2012-07-24 18:40:42.686680840 +0200
@@ -2416,6 +2416,9 @@  static void wpa_group_gtk_init(struct wp

 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
+       if (ctx != sm->group) return 0;
        if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
                wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
                                "Not in PTKINITDONE; skip Group Key update");
@@ -2470,7 +2473,7 @@  static void wpa_group_setkeys(struct wpa
                group->GKeyDoneStations = 0;
-       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
        wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",