From: Sai Pratyusha Magam
Date: Fri, 29 Sep 2023 15:27:05 +0000 (+0530)
Subject: Double the first group rekey timeout if over 100 associated stations
X-Git-Tag: hostap_2_11~952
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d4be0019d9236923d5fe9eac1f7e69c484d5d27;p=thirdparty%2Fhostap.git

Double the first group rekey timeout if over 100 associated stations

Increase the first group rekey timeout from 500 ms to 1000 ms when the number of associated stations is greater than 100. This is to avoid client disconnections due to group handshake timeout in multiclient scenarios where it might take more than 500 ms to be able deliver Group Key msg 1/2 to all associated STAs.

Signed-off-by: Sai Pratyusha Magam
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 9d153da7d..385eceaa0 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1800,6 +1800,15 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 }
+static int wpa_auth_get_sta_count(struct wpa_authenticator *wpa_auth)
+{
+ if (!wpa_auth->cb->get_sta_count)
+ return -1;
+
+ return wpa_auth->cb->get_sta_count(wpa_auth->cb_ctx);
+}
+
+
 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 struct wpa_state_machine *sm, int key_info,
 const u8 *key_rsc, const u8 *nonce,
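Review bot: `wpa_auth_get_sta_count()` returns -1 when no `get_sta_count` callback is registered, but neither this helper nor the new member in the `struct wpa_auth_callbacks` hunk of src/ap/wpa_auth.h documents that contract. The caller added to `wpa_send_eapol()` tests the result with `> 100`, so a missing callback quietly selects the undoubled timeout; that looks like the intended fallback and is worth stating. I would put `/* Number of stations reported by the get_sta_count callback, or -1 if the callback is not registered */` above the helper and a one-line comment with the same return contract on the struct member.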
@@ -1832,11 +1841,16 @@ static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 skip_tx:
 #endif /* CONFIG_TESTING_OPTIONS */
- if (ctr == 1 && wpa_auth->conf.tx_status)
- timeout_ms = pairwise ? eapol_key_timeout_first :
- eapol_key_timeout_first_group;
- else
+ if (ctr == 1 && wpa_auth->conf.tx_status) {
+ if (pairwise)
+ timeout_ms = eapol_key_timeout_first;
+ else if (wpa_auth_get_sta_count(wpa_auth) > 100)
+ timeout_ms = eapol_key_timeout_first_group * 2;
+ else
+ timeout_ms = eapol_key_timeout_first_group;
+ } else {
 timeout_ms = eapol_key_timeout_subseq;
+ }
 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
 (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
 timeout_ms = eapol_key_timeout_no_retrans;
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index c076d71a6..28eea83d8 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -342,6 +342,7 @@ struct wpa_auth_callbacks {
 int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq);
 int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data,
 size_t data_len, int encrypt);
+ int (*get_sta_count)(void *ctx);
 int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm,
 void *ctx), void *cb_ctx);
 int (*for_each_auth)(void *ctx, int (*cb)(struct wpa_authenticator *a,
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index c810619a4..30a72b126 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -564,6 +564,14 @@ int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
 }
+static int hostapd_wpa_auth_get_sta_count(void *ctx)
+{
+ struct hostapd_data *hapd = ctx;
+
+ return hapd->num_sta;
+}
+
+
 static int hostapd_wpa_auth_for_each_sta(
 void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
 void *cb_ctx)
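Review bot: The station threshold `100` and the `* 2` factor in the new `else if` branch are bare literals, while the other timeouts chosen here come from named `eapol_key_timeout_*` values. Giving the threshold a name next to those values keeps the tuning in one place, for example `else if (wpa_auth_get_sta_count(wpa_auth) > GROUP_REKEY_STA_THRESHOLD)` with a new constant `GROUP_REKEY_STA_THRESHOLD` defined as 100 (the name is a suggestion, not an existing symbol). A one-line comment on that branch should also say that a negative count, returned when the callback is missing, keeps the default, and that the `wpa_disable_eapol_key_retries` check after it still overrides the doubled value. `wpa_send_eapol()` starts before this hunk and continues past it.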
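Review bot: `hostapd_wpa_auth_get_sta_count()` returns `hapd->num_sta` with no comment on what that field counts, while the commit message describes the threshold as associated stations. If `num_sta` also includes entries for stations that have not completed association (not visible on this page, so this needs confirming), stations that never join can push the count past 100; the effect is limited to a longer first Group Key msg 1/2 retransmission interval, but that should be a known property. The count is also taken from a single `struct hostapd_data`, so it presumably does not reflect stations on other BSSs sharing the radio. I would add `/* Per-BSS count from hapd->num_sta; confirm whether this includes STAs that are not yet associated */` above the function.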
@@ -1608,6 +1616,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
 .set_key = hostapd_wpa_auth_set_key,
 .get_seqnum = hostapd_wpa_auth_get_seqnum,
 .send_eapol = hostapd_wpa_auth_send_eapol,
+ .get_sta_count = hostapd_wpa_auth_get_sta_count,
 .for_each_sta = hostapd_wpa_auth_for_each_sta,
 .for_each_auth = hostapd_wpa_auth_for_each_auth,
 .send_ether = hostapd_wpa_auth_send_ether,