[PATCHv2] fix wpa group rekeying

Message ID 6f0cd98fc2dfdf2358331ab08f5d53f8@fami-braun.de
State Accepted
Commit 473b6f22e95936e4f5b8a7c0e9bc382c8a17c9cd
Headers show

Commit Message

michael-dev@fami-braun.de Aug. 9, 2012, 9:42 a.m.

here comes the refreshed patch, as upstream uses wpa_group_update_sta 
now in a second place, too.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

  M. Braun

Am 24.07.2012 20:10, schrieb michael-dev:
> Hi,
> I'm currently facing
>  wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new 
> GTK rekey
> warnings with two STAs connected in different VLANs, but only
> wpa_group_setkeys: GKeyDoneStations=1 messages.
> I can only explain this with wpa_group_update_sta being called
> multiple times per sta, as GKeyDoneStations is only incremented there
> and after each wpa_group_setkeys, the GKeyDoneStations of the driven
> group is correct (= the number of stas in the processed vlan).
> Looking at wpa_auth_for_each_sta and its for_each implementation on
> wpa_auth_glue.c, I find that this code iterates over all sta and not
> just those of the given group. This can be verified by printing debug
> messages in wpa_group_update_sta giving the group vlan_id, which 
> shows
> both vlans (of both stas) in each wpa_group_setkeys call.
> Please find attached a patch that fixes this by giving the group
> pointer as callback context in wpa_group_setkeys and let
> wpa_group_update_sta skip those stas that are not in the correct
> group.
> It works for me and fixes the wpa group keying issues seen before.
> Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
> Regards,
>   M. Braun


Jouni Malinen Aug. 10, 2012, 1:53 p.m. | #1
On Thu, Aug 09, 2012 at 11:42:13AM +0200, michael-dev wrote:
> here comes the refreshed patch, as upstream uses
> wpa_group_update_sta now in a second place, too.

Thanks! Applied.


diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 374b0a4..fd69081 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2444,6 +2444,9 @@  static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
+	if (ctx != NULL && ctx != sm->group)
+		return 0;
 	if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
 				"Not in PTKINITDONE; skip Group Key update");
@@ -2630,7 +2633,7 @@  static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
 		group->GKeyDoneStations = 0;
-	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
 	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",