PMKSA: Do not evict active cache entry when adding new ones
If the PMKSA cache is full (i.e., 32 candidates have been seen in scan results and have not yet expired) then any additional entries can potentially evict the current/active entry (if it is the oldest entry), which triggers a pointless local deauthentication. The supplicant shouldn't replace the current/active entry if it is still valid, but instead the oldest entry that is *not* the current/active one. Signed-hostap: Dan Williams <dcbw@redhat.com> intended-for: hostap-1
parent
473b6f22e9
commit
0e502f97c5
1 changed files with 19 additions and 5 deletions
|
@ -197,11 +197,25 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
|
||||||
if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
|
if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
|
||||||
/* Remove the oldest entry to make room for the new entry */
|
/* Remove the oldest entry to make room for the new entry */
|
||||||
pos = pmksa->pmksa;
|
pos = pmksa->pmksa;
|
||||||
pmksa->pmksa = pos->next;
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
|
if (pos == pmksa->sm->cur_pmksa) {
|
||||||
"entry (for " MACSTR ") to make room for new one",
|
/*
|
||||||
MAC2STR(pos->aa));
|
* Never remove the current PMKSA cache entry, since
|
||||||
pmksa_cache_free_entry(pmksa, pos, 0);
|
* it's in use, and removing it triggers a needless
|
||||||
|
* deauthentication.
|
||||||
|
*/
|
||||||
|
pos = pos->next;
|
||||||
|
pmksa->pmksa->next = pos ? pos->next : NULL;
|
||||||
|
} else
|
||||||
|
pmksa->pmksa = pos->next;
|
||||||
|
|
||||||
|
if (pos) {
|
||||||
|
wpa_printf(MSG_DEBUG, "RSN: removed the oldest idle "
|
||||||
|
"PMKSA cache entry (for " MACSTR ") to "
|
||||||
|
"make room for new one",
|
||||||
|
MAC2STR(pos->aa));
|
||||||
|
pmksa_cache_free_entry(pmksa, pos, 0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Add the new entry; order by expiration time */
|
/* Add the new entry; order by expiration time */
|
||||||
|
|
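Review bot: When the head entry is the active one and has no successor, `pos` becomes NULL, the `if (pos)` block is skipped and nothing is evicted, so the new entry is added with `pmksa_count` already at `pmksa_cache_max_entries` and the limit is exceeded without any trace. That case looks unreachable while the maximum is larger than one, but it is worth making explicit, for example with `else wpa_printf(MSG_DEBUG, "RSN: no idle PMKSA cache entry to evict");` after the `if (pos)` block, or with a comment saying the temporary overflow is intended. The braced `if` followed by an unbraced `} else` is also easy to misread next to the pointer relinking; `} else {` with a closing brace would match the other branch. pmksa_cache_add() starts and ends outside this hunk, so how the new entry is linked in afterwards is not visible here.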