diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 0955f9140..14d4ee720 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2513,6 +2513,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 bss->wpa = atoi(pos);
 } else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
 bss->wpa_group_rekey = atoi(pos);
+ bss->wpa_group_rekey_set = 1;
 } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
 bss->wpa_strict_rekey = atoi(pos);
 } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 9b9ab10bc..980c138d6 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1282,7 +1282,10 @@ own_ip_addr=127.0.0.1
 # Time interval for rekeying GTK (broadcast/multicast encryption keys) in
 # seconds. (dot11RSNAConfigGroupRekeyTime)
-#wpa_group_rekey=600
+# This defaults to 86400 seconds (once per day) when using CCMP/GCMP as the
+# group cipher and 600 seconds (once per 10 minutes) when using TKIP as the
+# group cipher.
+#wpa_group_rekey=86400
 # Rekey GTK when any STA that possesses the current GTK is leaving the BSS.
 # (dot11RSNAConfigGroupRekeyStrict)
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index f96d7428d..07a13f849 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -1036,6 +1036,9 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
 bss->rsn_pairwise = bss->wpa_pairwise;
 bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise, bss->rsn_pairwise);
+ if (!bss->wpa_group_rekey_set)
+ bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
+ 600 : 86400;
 if (full_config) {
 bss->radius->auth_server = bss->radius->auth_servers;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index fa2ae49bc..14fa23090 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
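Review bot: In the hostapd/config_file.c hunk, `bss->wpa_group_rekey_set = 1;` is set unconditionally after `atoi(pos)`, so a non-numeric or negative `wpa_group_rekey` value is accepted as an explicit setting and silently replaces the cipher-dependent default. `atoi` returns 0 for text it cannot parse, and what an interval of 0 or below means to the rekey timer is not visible in this diff, so a typo here could change GTK rotation without any log line. I would validate before setting the flag, for example `if (bss->wpa_group_rekey < 0) return 1;` placed ahead of `bss->wpa_group_rekey_set = 1;` (using whatever error return and logging the neighbouring options in this function use), and parse with `strtol` so that unparsable input can be told apart from an explicit 0. The body of hostapd_config_fill starts and ends outside this hunk.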
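Review bot: In the src/ap/ap_config.c hunk, the added ternary hard-codes `600` and `86400` with no comment, and the same two numbers are repeated in hostapd.conf, so code and documentation can drift apart. I would add `/* Default GTK rekey interval: 600 s with TKIP as group cipher, 86400 s otherwise, unless wpa_group_rekey was configured */` above the `if`, or give the two values named constants. The comment should also state the trade-off: with the day-long default, a station that has left the BSS can hold a still-valid GTK for up to 24 hours unless wpa_strict_rekey is enabled, going by the hostapd.conf description of that option. hostapd_set_security_params starts and ends outside this hunk, so whether `wpa_group` is reassigned later in the function cannot be checked here.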
@@ -327,6 +327,7 @@ struct hostapd_bss_config {
 int wpa_pairwise;
 int wpa_group;
 int wpa_group_rekey;
+ int wpa_group_rekey_set;
 int wpa_strict_rekey;
 int wpa_gmk_rekey;
 int wpa_ptk_rekey;
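Review bot: The new `wpa_group_rekey_set` member in src/ap/ap_config.h has no comment, and its name alone does not say that it records whether the configuration supplied the value. I suggest `int wpa_group_rekey_set; /* wpa_group_rekey given explicitly in the configuration; suppresses the cipher-dependent default */`. Any other code path that writes `wpa_group_rekey` would presumably need to set this flag as well, otherwise its value may be replaced by the default; no such path is visible in this diff. The struct definition continues outside the hunk.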