fix wpa group rekeying

Submitter	michael-dev@fami-braun.de
Date	July 24, 2012, 6:10 p.m.
Message ID	<a57dc93e3519a44d1f78297a5eb0f6a9@fami-braun.de>
Download	mbox \| patch
Permalink	/patch/172993/
State	Superseded
Headers	show Return-Path: <hostap-bounces@lists.shmoo.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_d52d55955d9bc634bdfbb133ebffe62e" Date: Tue, 24 Jul 2012 20:10:49 +0200 From: michael-dev <michael-dev@fami-braun.de> To: <hostap@lists.shmoo.com>, <projekt-wlan@fem.tu-ilmenau.de> Subject: [PATCH] fix wpa group rekeying Mail-Reply-To: <hostap@lists.shmoo.com>, <projekt-wlan@fem.tu-ilmenau.de> In-Reply-To: <9f8e1ea5219c25afa67ade74dc0671e8@fami-braun.de> References: <9f8e1ea5219c25afa67ade74dc0671e8@fami-braun.de> Message-ID: <a57dc93e3519a44d1f78297a5eb0f6a9@fami-braun.de> User-Agent: Roundcube Webmail/0.7.2 Precedence: list Reply-To: hostap@lists.shmoo.com, projekt-wlan@fem.tu-ilmenau.de Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com

Comments

michael-dev@fami-braun.de - July 24, 2012, 6:10 p.m.

Hi,

I'm currently facing

  wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new GTK 
rekey

warnings with two STAs connected in different VLANs, but only 
wpa_group_setkeys: GKeyDoneStations=1 messages.
I can only explain this with wpa_group_update_sta being called multiple 
times per sta, as GKeyDoneStations is only incremented there and after 
each wpa_group_setkeys, the GKeyDoneStations of the driven group is 
correct (= the number of stas in the processed vlan).

Looking at wpa_auth_for_each_sta and its for_each implementation on 
wpa_auth_glue.c, I find that this code iterates over all sta and not 
just those of the given group. This can be verified by printing debug 
messages in wpa_group_update_sta giving the group vlan_id, which shows 
both vlans (of both stas) in each wpa_group_setkeys call.

Please find attached a patch that fixes this by giving the group 
pointer as callback context in wpa_group_setkeys and let 
wpa_group_update_sta skip those stas that are not in the correct group.
It works for me and fixes the wpa group keying issues seen before.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

Regards,
   M. Braun

Patch

--- hostapd-20120707/src/ap/wpa_auth.c  2012-07-24 18:39:46.478606571 +0200
+++ hostapd-20120707/src/ap/wpa_auth.c  2012-07-24 18:40:42.686680840 +0200
@@ -2416,6 +2416,9 @@  static void wpa_group_gtk_init(struct wp

 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
 {
+       
+       if (ctx != sm->group) return 0;
+       
        if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
                wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
                                "Not in PTKINITDONE; skip Group Key update");
@@ -2470,7 +2473,7 @@  static void wpa_group_setkeys(struct wpa
                           group->GKeyDoneStations);
                group->GKeyDoneStations = 0;
        }
-       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
        wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
                   group->GKeyDoneStations);
 }

Patchwork fix wpa group rekeying

Comments

Patch