Fix WPA GTK rekeying with multiple VLANs
When using multiple VLANs, GKeyDoneStations counter is not updated properly since wpa_auth_for_each_sta() call in wpa_group_setkeys() ends up iterating through all STAs and not just the STAs of a specific wpa_group (VLAN). Consequently, GTK rekeying gets initialized multiple times if more than a single group state machine exists. Fix this by iterating only through the STAs in the specific wpa_group. Signed-hostap: Michael Braun <michael-dev@fami-braun.de> intended-for: hostap-1
parent
462a7439e1
commit
473b6f22e9
1 changed files with 4 additions and 1 deletions
|
@ -2444,6 +2444,9 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
|
||||||
|
|
||||||
static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
||||||
{
|
{
|
||||||
|
if (ctx != NULL && ctx != sm->group)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
|
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
||||||
"Not in PTKINITDONE; skip Group Key update");
|
"Not in PTKINITDONE; skip Group Key update");
|
||||||
|
@ -2630,7 +2633,7 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
|
||||||
group->GKeyDoneStations);
|
group->GKeyDoneStations);
|
||||||
group->GKeyDoneStations = 0;
|
group->GKeyDoneStations = 0;
|
||||||
}
|
}
|
||||||
wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
|
wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
|
||||||
wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
|
wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
|
||||||
group->GKeyDoneStations);
|
group->GKeyDoneStations);
|
||||||
}
|
}
|
||||||
|
|
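Review bot: The new guard at the top of wpa_group_update_sta() gives `ctx` two meanings that the code does not document: a specific wpa_group to match, or NULL for every STA of the authenticator. Any caller that passes NULL, as wpa_group_setkeys() did before this change, gets the cross-VLAN iteration back. The commit message names that iteration as the cause of the wrong GKeyDoneStations count and the repeated GTK rekey initialisation. I would add a comment above the check, for example `/* ctx: the struct wpa_group being rekeyed, or NULL to match all groups; STAs of other VLAN groups are skipped */`. It is also worth checking whether any other wpa_auth_for_each_sta() call site still passes NULL with this callback, since only the one in wpa_group_setkeys() is visible here. The body of wpa_group_update_sta() continues beyond the first hunk, so the counter update itself is not visible for review.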