From: Masashi Honma
To: hostap@lists.shmoo.com
Subject: [PATCH 3/3] mesh: Fix remaining BLOCKED state after SAE auth failure
Date: Thu, 5 Feb 2015 23:00:01 +0900
Message-Id: <1423144801-25777-3-git-send-email-masashi.honma@gmail.com>

When SAE authentication failed, wpa_supplicant retries four times. If all the retries resulted in failure, the SAE state machine enters the BLOCKED state. Once it has entered that state, wpa_supplicant doesn't retry to re-connect any more. This patch re-tries to connect even if the state machine entered the BLOCKED state.

There could be an opinion: "Is this patch needed? User could know the SAE state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event. Then user can retry connection. By user action, SAE state machine can change the state from BLOCKED to another." Yes, this is true at the joining mesh STA. But at the being joined STA (this STA is already a member of existing mesh BSS) should not retry connection. Because if the joining mesh STA used wrong password, all the existing STA should do something from UI to retry connection.

Signed-off-by: Masashi Honma
---
 wpa_supplicant/mesh_rsn.c         | 12 ++++++++++++
 wpa_supplicant/wpa_supplicant_i.h |  1 +
 2 files changed, 13 insertions(+)

diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c index 148c292..32823e2 100644 --- a/wpa_supplicant/mesh_rsn.c +++ b/wpa_supplicant/mesh_rsn.c 
@@ -27,6 +27,7 @@ #define MESH_AUTH_TIMEOUT 10 #define MESH_AUTH_RETRY 3 +#define MESH_AUTH_BLOCK_DURATION (3600) void mesh_auth_timer(void *eloop_ctx, void *user_data) @@ -43,9 +44,19 @@ void mesh_auth_timer(void *eloop_ctx, void *user_data) if (sta->sae_auth_retry < MESH_AUTH_RETRY) { mesh_rsn_auth_sae_sta(wpa_s, sta); } else { + if (sta->sae_auth_retry > MESH_AUTH_RETRY) { + ap_free_sta(wpa_s->ifmsh->bss[0], sta); + return; + } + /* block the STA if exceeded the number of attempts */ wpa_mesh_set_plink_state(wpa_s, sta, PLINK_BLOCKED); sta->sae->state = SAE_NOTHING; + if (wpa_s->mesh_auth_block_duration < + MESH_AUTH_BLOCK_DURATION) + wpa_s->mesh_auth_block_duration += 60; + eloop_register_timeout(wpa_s->mesh_auth_block_duration, + 0, mesh_auth_timer, wpa_s, sta); wpa_msg(wpa_s, MSG_WARNING, MESH_SAE_AUTH_BLOCKED "addr=" MACSTR " duration=%d", MAC2STR(sta->addr), @@ -306,6 +317,7 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s, if (ret) return ret; + eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta); rnd = rand() % MESH_AUTH_TIMEOUT; eloop_register_timeout(MESH_AUTH_TIMEOUT + rnd, 0, mesh_auth_timer, wpa_s, sta); diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index c80a620..05c3d92 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -712,6 +712,7 @@ struct wpa_supplicant { int mesh_if_idx; unsigned int mesh_if_created:1; unsigned int mesh_ht_enabled:1; + int mesh_auth_block_duration; /* sec */ #endif /* CONFIG_MESH */ unsigned int off_channel_freq;
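
Review bot: MESH_AUTH_BLOCK_DURATION in the first mesh_rsn.c hunk reads like the block time itself, but the only use in this patch is as the upper bound that mesh_auth_block_duration is compared against before adding 60. A name such as MESH_AUTH_BLOCK_DURATION_MAX with a short comment giving the unit (seconds, matching the "/* sec */" on the struct field) would make that clear, and the parentheses around 3600 are not needed for a plain integer constant.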
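
Review bot: In the mesh_auth_timer hunk, wpa_s->mesh_auth_block_duration only ever grows: the "+= 60" in the else branch has no matching reset anywhere in this patch, so after enough failed attempts every later block lasts the full MESH_AUTH_BLOCK_DURATION even if the failures were transient. Consider resetting it to 0 when a peer reaches SAE_ACCEPTED. Separately, the new "sta->sae_auth_retry > MESH_AUTH_RETRY" branch that calls ap_free_sta() depends on the counter being advanced outside the lines shown here; a one-line comment saying that the STA is blocked once and freed on the next expiry would make the intent reviewable.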
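
Review bot: In the mesh_rsn_auth_sae_sta hunk, eloop_cancel_timeout() is placed after the "if (ret) return ret;" early return, so when that path is taken any mesh_auth_timer already armed for this STA (including the long block timer added in mesh_auth_timer) stays pending. If that is intended, say so in a comment; otherwise move the cancel above the early return. A short comment on why the cancel is needed at all (the block timer and the retry timer share the same handler and arguments) would also help.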
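
Review bot: The new mesh_auth_block_duration field in the wpa_supplicant_i.h hunk lives in struct wpa_supplicant, so it is shared by every peer on the interface, while the block it controls is applied per STA in mesh_auth_timer. One peer that keeps failing SAE (for example with a wrong password) therefore lengthens the block applied to every other peer, up to the one hour cap. A per-STA field would keep the backoff scoped to the peer that caused it. The field is also a signed int although it is passed as the seconds argument of eloop_register_timeout(), which takes unsigned int; unsigned int would match.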