Add a log message when GTK rekeying failed

It can happen if the station is unreachable or sleeping longer than
the actual total GTK rekey timeout. To fix the latter case
wpa_group_update_count may be increased.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 1fb1bd987eb7182912cae493e8d93ecb0812cce2..9e15615ec2dd0b243903cb228499ff3f26770b80 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1223,6 +1223,10 @@ own_ip_addr=127.0.0.1
 
 # The number of times EAPOL-Key Message 1/2 in the RSN Group Key Handshake is
 #retried per GTK Handshake attempt. (dot11RSNAConfigGroupUpdateCount)
+# This value should only be increased when stations are constantly
+# deauthenticated during GTK rekeying with the log message
+# "group key handshake failed...".
+# You should consider to also increase wpa_pairwise_update_count then.
 # Range 1..4294967295; default: 4
 #wpa_group_update_count=4
 

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 8c082f42600195fd1fcf1968b08a8a35631931a3..a62ff7b3e540d73ebffa3684fc869cfb2cd96853 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3134,6 +3134,10 @@ SM_STATE(WPA_PTK_GROUP, KEYERROR)
                sm->group->GKeyDoneStations--;
        sm->GUpdateStationKeys = FALSE;
        sm->Disconnect = TRUE;
+       wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
+                        "group key handshake failed (%s) after %u tries",
+                        sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
+                        sm->wpa_auth->conf.wpa_group_update_count);
 }