Patchwork [PATCHv2] fix wpa group rekeying

login
register
mail settings
Submitter michael-dev@fami-braun.de
Date Aug. 9, 2012, 9:42 a.m.
Message ID <6f0cd98fc2dfdf2358331ab08f5d53f8@fami-braun.de>
Download mbox | patch
Permalink /patch/176037/
State Accepted
Commit 473b6f22e95936e4f5b8a7c0e9bc382c8a17c9cd
Headers show

Comments

michael-dev@fami-braun.de - Aug. 9, 2012, 9:42 a.m.
Hi,

here comes the refreshed patch, as upstream uses wpa_group_update_sta 
now in a second place, too.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

Regards,
  M. Braun

Am 24.07.2012 20:10, schrieb michael-dev:
> Hi,
>
> I'm currently facing
>
>  wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new 
> GTK rekey
>
> warnings with two STAs connected in different VLANs, but only
> wpa_group_setkeys: GKeyDoneStations=1 messages.
> I can only explain this with wpa_group_update_sta being called
> multiple times per sta, as GKeyDoneStations is only incremented there
> and after each wpa_group_setkeys, the GKeyDoneStations of the driven
> group is correct (= the number of stas in the processed vlan).
>
> Looking at wpa_auth_for_each_sta and its for_each implementation on
> wpa_auth_glue.c, I find that this code iterates over all sta and not
> just those of the given group. This can be verified by printing debug
> messages in wpa_group_update_sta giving the group vlan_id, which 
> shows
> both vlans (of both stas) in each wpa_group_setkeys call.
>
> Please find attached a patch that fixes this by giving the group
> pointer as callback context in wpa_group_setkeys and let
> wpa_group_update_sta skip those stas that are not in the correct
> group.
> It works for me and fixes the wpa group keying issues seen before.
>
> Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
>
> Regards,
>   M. Braun
Jouni Malinen - Aug. 10, 2012, 1:53 p.m.
On Thu, Aug 09, 2012 at 11:42:13AM +0200, michael-dev wrote:
> here comes the refreshed patch, as upstream uses
> wpa_group_update_sta now in a second place, too.

Thanks! Applied.

Patch

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 374b0a4..fd69081 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2444,6 +2444,9 @@  static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
 
 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
 {
+	if (ctx != NULL && ctx != sm->group)
+		return 0;
+
 	if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
 				"Not in PTKINITDONE; skip Group Key update");
@@ -2630,7 +2633,7 @@  static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
 			   group->GKeyDoneStations);
 		group->GKeyDoneStations = 0;
 	}
-	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
 	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
 		   group->GKeyDoneStations);
 }