From patchwork Thu Aug  9 09:42:13 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [PATCHv2] fix wpa group rekeying
Date: Wed, 08 Aug 2012 23:42:13 -0000
From: michael-dev@fami-braun.de
X-Patchwork-Id: 176037
Message-Id: <6f0cd98fc2dfdf2358331ab08f5d53f8@fami-braun.de>
To: <hostap@lists.shmoo.com>, <projekt-wlan@fem.tu-ilmenau.de>

Hi,

here comes the refreshed patch, as upstream uses wpa_group_update_sta 
now in a second place, too.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

Regards,
  M. Braun

Am 24.07.2012 20:10, schrieb michael-dev:
> Hi,
>
> I'm currently facing
>
>  wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new 
> GTK rekey
>
> warnings with two STAs connected in different VLANs, but only
> wpa_group_setkeys: GKeyDoneStations=1 messages.
> I can only explain this with wpa_group_update_sta being called
> multiple times per sta, as GKeyDoneStations is only incremented there
> and after each wpa_group_setkeys, the GKeyDoneStations of the driven
> group is correct (= the number of stas in the processed vlan).
>
> Looking at wpa_auth_for_each_sta and its for_each implementation on
> wpa_auth_glue.c, I find that this code iterates over all sta and not
> just those of the given group. This can be verified by printing debug
> messages in wpa_group_update_sta giving the group vlan_id, which 
> shows
> both vlans (of both stas) in each wpa_group_setkeys call.
>
> Please find attached a patch that fixes this by giving the group
> pointer as callback context in wpa_group_setkeys and let
> wpa_group_update_sta skip those stas that are not in the correct
> group.
> It works for me and fixes the wpa group keying issues seen before.
>
> Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
>
> Regards,
>   M. Braun


diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 374b0a4..fd69081 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2444,6 +2444,9 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
 
 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
 {
+	if (ctx != NULL && ctx != sm->group)
+		return 0;
+
 	if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
 				"Not in PTKINITDONE; skip Group Key update");
@@ -2630,7 +2633,7 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
 			   group->GKeyDoneStations);
 		group->GKeyDoneStations = 0;
 	}
-	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
 	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
 		   group->GKeyDoneStations);
 }