FT: Add support for wildcard R0KH/R1KH
Enable use of FT RRB without configuring each other AP locally. Instead, broadcast messages are exchanged to discover APs within the local network. When an R0KH or R1KH is discovered, it is cached for one day. When a station uses an invalid or offline r0kh_id, requests are always broadcast. In order to avoid this, if r0kh does not reply, a temporary blacklist entry is added to r0kh_list. To avoid blocking a valid r0kh when a non-existing pmk_r0_name is requested, r0kh is required to always reply using a NAK. Resend requests a few times to ensure blacklisting does not happen due to small packet loss. To free newly created stations later, the r*kh_list start pointer in conf needs to be updateable from wpa_auth_ft.c, where only wconf is accessed. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
Michael Braun
Jouni Malinen
parent
ba88dd65e7
commit
3a46cf93d0
9 changed files with 570 additions and 68 deletions
|
|
@ -93,6 +93,10 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
|
|||
|
||||
#ifdef CONFIG_IEEE80211R_AP
|
||||
bss->ft_over_ds = 1;
|
||||
bss->rkh_pos_timeout = 86400;
|
||||
bss->rkh_neg_timeout = 60;
|
||||
bss->rkh_pull_timeout = 1000;
|
||||
bss->rkh_pull_retries = 4;
|
||||
#endif /* CONFIG_IEEE80211R_AP */
|
||||
|
||||
bss->radius_das_time_window = 300;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue