Message ID | 1456314830-12935-42-git-send-email-michael-dev@fami-braun.de |
---|---|
State | Changes Requested |
On Wed, Feb 24, 2016 at 12:53:47PM +0100, michael-dev@fami-braun.de wrote:
> Simplifies testing. All other items are seconds as well.
> diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf > @@ -1273,7 +1273,7 @@ own_ip_addr=127.0.0.1 > -# Default lifetime of the PMK-RO in minutes; range 1..65535 > +# Default lifetime of the PMK-RO in seconds; range 1..65535 > # (default: 60 minutes; 0 = disable timeout) > # (dot11FTR0KeyLifetime) > #r0_key_lifetime=10000

This is problematic since this would change the interpretation of an existing configuration parameter. In addition, the range here is not valid. Interestingly, dot11FTR0KeyLifetime is actually defined to use seconds as the unit and 60..4294967295 as the allowed range and 1209600 as the default value. Maybe that changed at some point during P802.11r development and the hostapd design did not get updated to match.

Normally, I'd prefer a new configuration file parameter to be added if the design changes in this manner and then leaving the old parameter in place for backwards compatibility. For example, ft_r0_key_lifetime could be defined as the new value and if r0_key_lifetime is set in the configuration file, that could be parsed to ft_r0_key_lifetime with 60 times the value. This would avoid unexpected changes in behavior if someone updates hostapd and continues to use an old configuration file. The documentation in hostapd.conf should specify 60 as the minimum value, but it is convenient to allow smaller values for testing purposes.
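The backwards-compatible parsing suggested in the reply above, sketched as an added example; it is not part of the original message or of hostapd's code. The struct, the function names and the rule that the seconds-based key wins when both keys are present are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for the setting; not hostapd's struct hostapd_bss_config. */
struct ft_conf {
    unsigned int r0_key_lifetime_sec; /* PMK-R0 lifetime, seconds; 0 = no timeout */
    int new_key_seen;                 /* ft_r0_key_lifetime was set explicitly */
};

/* Parse a plain decimal integer in 0..max. Returns 0 on success, -1 otherwise. */
static int parse_uint(const char *s, unsigned long max, unsigned long *out)
{
    char *end;
    unsigned long v;
    if (*s < '0' || *s > '9')   /* rejects "", "-1", "+5" and leading spaces */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno || *end != '\0' || v > max)
        return -1;
    *out = v;
    return 0;
}

/* Apply one name/value pair from the configuration file.
 * Returns 0 if applied, -1 on an invalid value, 1 if the name is not handled. */
int ft_conf_set(struct ft_conf *c, const char *name, const char *value)
{
    unsigned long v;
    if (strcmp(name, "ft_r0_key_lifetime") == 0) {
        /* New key: seconds. Values below 60 are accepted for testing. */
        if (parse_uint(value, UINT_MAX, &v))
            return -1;
        c->r0_key_lifetime_sec = (unsigned int) v;
        c->new_key_seen = 1;
        return 0;
    }
    if (strcmp(name, "r0_key_lifetime") == 0) {
        /* Legacy key: minutes, range up to 65535, stored as 60 times the value. */
        if (parse_uint(value, 65535, &v))
            return -1;
        if (!c->new_key_seen)   /* assumption: the seconds-based key wins */
            c->r0_key_lifetime_sec = (unsigned int) v * 60;
        return 0;
    }
    return 1;
}
```

With this shape an old configuration file keeps its minute-based meaning after an upgrade, and only files that use the new key are read in seconds.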
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 53983bb..631f0e0 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1273,7 +1273,7 @@ own_ip_addr=127.0.0.1 # 1 to 48 octet identifier. # This is configured with nas_identifier (see RADIUS client section above). -# Default lifetime of the PMK-RO in minutes; range 1..65535 +# Default lifetime of the PMK-RO in seconds; range 1..65535 # (default: 60 minutes; 0 = disable timeout) # (dot11FTR0KeyLifetime) #r0_key_lifetime=10000 diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index c2361e0..2d5961d 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -92,7 +92,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) #ifdef CONFIG_IEEE80211R bss->ft_over_ds = 1; - bss->r0_key_lifetime = 60; /* same as eap_reauth_period */ + bss->r0_key_lifetime = 3600; /* same as eap_reauth_period */ bss->rkh_pos_timeout = 86400; bss->rkh_neg_timeout = 60; bss->rkh_pull_timeout = 1000; diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 8414335..371ecfb 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -2363,7 +2363,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) *pos++ = WLAN_EID_TIMEOUT_INTERVAL; *pos++ = 5; *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; - WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); + WPA_PUT_LE32(pos, conf->r0_key_lifetime); pos += 4; } #endif /* CONFIG_IEEE80211R */ diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index beeeca7..07b0b09 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -838,7 +838,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk, const u8 *ssid = sm->wpa_auth->conf.ssid; size_t ssid_len = sm->wpa_auth->conf.ssid_len; int psk_local = sm->wpa_auth->conf.ft_psk_generate_local; - int expiresIn = sm->wpa_auth->conf.r0_key_lifetime * 60; + int expiresIn = sm->wpa_auth->conf.r0_key_lifetime; struct ft_vlan vlan; u8 identity[FT_IDENTITY_LEN], radius_cui[FT_RADIUS_CUI_LEN]; int identity_len, radius_cui_len; 
@@ -2189,7 +2189,7 @@ static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth, struct ft_remote_r0kh *r0kh, *r0kh_wildcard = NULL; int pairwise, res, expiresIn, session_timeout; struct ft_pull_resp_cb_ctx ctx; - int maxExpiresIn = wpa_auth->conf.r0_key_lifetime * 60; + int maxExpiresIn = wpa_auth->conf.r0_key_lifetime; wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 pull response"); @@ -2301,7 +2301,7 @@ static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth, struct os_time now; os_time_t tsend; int pairwise, expiresIn, session_timeout; - int maxExpiresIn = wpa_auth->conf.r0_key_lifetime * 60; + int maxExpiresIn = wpa_auth->conf.r0_key_lifetime; wpa_printf(MSG_DEBUG, "FT: Received PMK-R1 push");
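Review bot: In the hostapd/hostapd.conf hunk the line after the change still reads "(default: 60 minutes; 0 = disable timeout)" and the sample "#r0_key_lifetime=10000" is unchanged, so the documentation now mixes units and the sample drops from 10000 minutes to 10000 seconds. Keeping "range 1..65535" also caps the configurable lifetime at 65535 seconds where it used to be 65535 minutes. Suggest rewriting the default line in seconds, adjusting the sample value, and stating the new upper bound deliberately. No hunk in this patch changes how the value is read from the file, so an existing r0_key_lifetime setting would be interpreted as seconds without any warning.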
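Review bot: In the src/ap/ap_config.c hunk the new default "bss->r0_key_lifetime = 3600;" keeps the comment "same as eap_reauth_period" but nothing on the line states the unit. Since the meaning of this field changes from minutes to seconds in this patch, add the unit to the comment so a later reader does not reintroduce a "* 60" at a use site.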
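Review bot: The four use sites in src/ap/wpa_auth.c and src/ap/wpa_auth_ft.c drop the "* 60" and take conf.r0_key_lifetime as seconds with no check of the value. hostapd.conf documents 0 as "disable timeout", so please confirm that the key lifetime written by WPA_PUT_LE32() into the Timeout Interval element, expiresIn in wpa_auth_derive_ptk_ft(), and maxExpiresIn in wpa_ft_rrb_rx_resp() and wpa_ft_rrb_rx_push() treat 0 as no limit rather than as a zero-second lifetime. expiresIn and maxExpiresIn are declared int, which matters if the permitted range is later widened beyond 65535.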