From patchwork Tue Jul 24 18:10:49 2012
X-Patchwork-Submitter: michael-dev
X-Patchwork-Id: 172993
Date: Tue, 24 Jul 2012 20:10:49 +0200
From: michael-dev
Subject: [PATCH] fix wpa group rekeying
In-Reply-To: <9f8e1ea5219c25afa67ade74dc0671e8@fami-braun.de>
References: <9f8e1ea5219c25afa67ade74dc0671e8@fami-braun.de>

Hi,

I'm currently facing
"wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new GTK rekey"
warnings with two STAs connected in different VLANs, but only
"wpa_group_setkeys: GKeyDoneStations=1" messages.

I can only explain this with wpa_group_update_sta being called multiple
times per STA, as GKeyDoneStations is only incremented there and, after
each wpa_group_setkeys, the GKeyDoneStations of the driven group is
correct (= the number of STAs in the processed VLAN).

Looking at wpa_auth_for_each_sta and its for_each implementation in
wpa_auth_glue.c, I find that this code iterates over all STAs and not
just those of the given group. This can be verified by printing debug
messages in wpa_group_update_sta giving the group vlan_id, which shows
both VLANs (of both STAs) in each wpa_group_setkeys call.

Please find attached a patch that fixes this by giving the group pointer
as callback context in wpa_group_setkeys and letting wpa_group_update_sta
skip those STAs that are not in the correct group.

It works for me and fixes the WPA group keying issues seen before.

Signed-hostap: Michael Braun

Regards,
M. Braun

--- hostapd-20120707/src/ap/wpa_auth.c 2012-07-24 18:39:46.478606571 +0200 +++ hostapd-20120707/src/ap/wpa_auth.c 2012-07-24 18:40:42.686680840 +0200 
@@ -2416,6 +2416,9 @@ static void wpa_group_gtk_init(struct wp static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) { + + if (ctx != sm->group) return 0; + if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, "Not in PTKINITDONE; skip Group Key update"); @@ -2470,7 +2473,7 @@ static void wpa_group_setkeys(struct wpa group->GKeyDoneStations); group->GKeyDoneStations = 0; } - wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL); + wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group); wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d", group->GKeyDoneStations); }
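
Review bot: in the first hunk (wpa_group_update_sta), the new check "if (ctx != sm->group) return 0;" keeps the return on the same line as the condition and is preceded by a blank line right after the opening brace, unlike the "if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {" block directly below it; put "return 0;" on its own line and drop the leading blank line. The callback now depends on ctx being the group that is being rekeyed, which nothing in the function says, so a short comment stating that ctx is the struct wpa_group pointer passed by wpa_group_setkeys (and that the iterator visits STAs of all groups) would help. With this check in place, a call that still passes NULL as ctx would skip every STA that has sm->group set, so the dependency is worth documenting for future callers.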
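
Review bot: in the second hunk (wpa_group_setkeys), the debug line that follows the changed call, "wpa_group_setkeys: GKeyDoneStations=%d", still does not say which group the count belongs to, which is what made the original miscount hard to spot with STAs in different VLANs; consider adding the group's vlan_id to that message now that the count is per group. The call itself still walks every STA and relies on the callback to filter by group, so the changed line is only correct together with the check added in the first hunk; the two changes should stay in one commit and the commit message should say so.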