Double the first group rekey timeout if over 100 associated stations
Increase the first group rekey timeout from 500 ms to 1000 ms when the number of associated stations is greater than 100. This is to avoid client disconnections due to group handshake timeout in multiclient scenarios where it might take more than 500 ms to be able deliver Group Key msg 1/2 to all associated STAs. Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
This commit is contained in:
Sai Pratyusha Magam
Jouni Malinen
parent
a89cf6ba47
commit
2d4be0019d
3 changed files with 28 additions and 4 deletions
|
|
@ -1800,6 +1800,15 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
|||
}
|
||||
|
||||
|
||||
static int wpa_auth_get_sta_count(struct wpa_authenticator *wpa_auth)
|
||||
{
|
||||
if (!wpa_auth->cb->get_sta_count)
|
||||
return -1;
|
||||
|
||||
return wpa_auth->cb->get_sta_count(wpa_auth->cb_ctx);
|
||||
}
|
||||
|
||||
|
||||
static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm, int key_info,
|
||||
const u8 *key_rsc, const u8 *nonce,
|
||||
|
|
@ -1832,11 +1841,16 @@ static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
|||
skip_tx:
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
if (ctr == 1 && wpa_auth->conf.tx_status)
|
||||
timeout_ms = pairwise ? eapol_key_timeout_first :
|
||||
eapol_key_timeout_first_group;
|
||||
else
|
||||
if (ctr == 1 && wpa_auth->conf.tx_status) {
|
||||
if (pairwise)
|
||||
timeout_ms = eapol_key_timeout_first;
|
||||
else if (wpa_auth_get_sta_count(wpa_auth) > 100)
|
||||
timeout_ms = eapol_key_timeout_first_group * 2;
|
||||
else
|
||||
timeout_ms = eapol_key_timeout_first_group;
|
||||
} else {
|
||||
timeout_ms = eapol_key_timeout_subseq;
|
||||
}
|
||||
if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
|
||||
(!pairwise || (key_info & WPA_KEY_INFO_MIC)))
|
||||
timeout_ms = eapol_key_timeout_no_retrans;
|
||||
|
|
|
|||
|
|
@ -342,6 +342,7 @@ struct wpa_auth_callbacks {
|
|||
int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
|
||||
int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
|
||||
size_t data_len, int encrypt);
|
||||
int (*get_sta_count)(void *ctx);
|
||||
int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
|
||||
void *ctx), void *cb_ctx);
|
||||
int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a,
|
||||
|
|
|
|||
|
|
@ -564,6 +564,14 @@ int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
|
|||
}
|
||||
|
||||
|
||||
static int hostapd_wpa_auth_get_sta_count(void *ctx)
|
||||
{
|
||||
struct hostapd_data *hapd = ctx;
|
||||
|
||||
return hapd->num_sta;
|
||||
}
|
||||
|
||||
|
||||
static int hostapd_wpa_auth_for_each_sta(
|
||||
void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
|
||||
void *cb_ctx)
|
||||
|
|
@ -1608,6 +1616,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
|
|||
.set_key = hostapd_wpa_auth_set_key,
|
||||
.get_seqnum = hostapd_wpa_auth_get_seqnum,
|
||||
.send_eapol = hostapd_wpa_auth_send_eapol,
|
||||
.get_sta_count = hostapd_wpa_auth_get_sta_count,
|
||||
.for_each_sta = hostapd_wpa_auth_for_each_sta,
|
||||
.for_each_auth = hostapd_wpa_auth_for_each_auth,
|
||||
.send_ether = hostapd_wpa_auth_send_ether,
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue