authorMasashi Honma <masashi.honma@gmail.com>2015-02-05 14:00:01 (GMT)
committerJouni Malinen <j@w1.fi>2015-02-08 10:43:24 (GMT)
commitbf51f4f82bdb50356de5501acac53fe1b91a7b86 (patch)
tree8ccf467bed3cbf04700c5c18f09716e35aad9e6f /wpa_supplicant/mesh_rsn.c
parent79ddb2062eb2b53937c2c578e56532021cbb8564 (diff)
mesh: Fix remaining BLOCKED state after SAE auth failure
When SAE authentication fails, wpa_supplicant retries four times. If all the retries result in failure, SAE state machine enters BLOCKED state. Once it enters this state, wpa_supplicant doesn't retry connection. This commit allows connection retries even if the state machine entered BLOCKED state. There could be an opinion "Is this patch needed? User could know the SAE state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event. Then user can retry connection. By user action, SAE state machine can change the state from BLOCKED to another.". Yes, this is true at the joining mesh STA. However, a STA that is already a member of existing mesh BSS should not retry connection because if the joining mesh STA used wrong password, all the existing STA should do something from UI to retry connection. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Diffstat (limited to 'wpa_supplicant/mesh_rsn.c')
-rw-r--r--wpa_supplicant/mesh_rsn.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index d5cf7a9..936002d 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -27,6 +27,7 @@
#define MESH_AUTH_TIMEOUT 10
#define MESH_AUTH_RETRY 3
+#define MESH_AUTH_BLOCK_DURATION 3600
void mesh_auth_timer(void *eloop_ctx, void *user_data)
{
@@ -42,12 +43,23 @@ void mesh_auth_timer(void *eloop_ctx, void *user_data)
if (sta->sae_auth_retry < MESH_AUTH_RETRY) {
mesh_rsn_auth_sae_sta(wpa_s, sta);
} else {
+ if (sta->sae_auth_retry > MESH_AUTH_RETRY) {
+ ap_free_sta(wpa_s->ifmsh->bss[0], sta);
+ return;
+ }
+
/* block the STA if exceeded the number of attempts */
wpa_mesh_set_plink_state(wpa_s, sta, PLINK_BLOCKED);
sta->sae->state = SAE_NOTHING;
+ if (wpa_s->mesh_auth_block_duration <
+ MESH_AUTH_BLOCK_DURATION)
+ wpa_s->mesh_auth_block_duration += 60;
+ eloop_register_timeout(wpa_s->mesh_auth_block_duration,
+ 0, mesh_auth_timer, wpa_s, sta);
wpa_msg(wpa_s, MSG_INFO, MESH_SAE_AUTH_BLOCKED "addr="
- MACSTR,
- MAC2STR(sta->addr));
+ MACSTR " duration=%d",
+ MAC2STR(sta->addr),
+ wpa_s->mesh_auth_block_duration);
}
sta->sae_auth_retry++;
}
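Review bot: The block time is accumulated in `wpa_s->mesh_auth_block_duration`, which is per interface rather than per STA, so each peer that exhausts its SAE retries lengthens the block applied to the next peer, and nothing in this hunk lowers the value again. If an interface-wide back-off is intended, say so at the increment, e.g. `/* interface-wide back-off: +60 s per blocked peer until MESH_AUTH_BLOCK_DURATION (seconds) is reached */`; otherwise the counter belongs in the STA entry. The new timeout also keeps `sta` referenced for up to an hour, so confirm that every path that frees the STA or tears down `wpa_s->ifmsh` cancels `mesh_auth_timer` first, because the later `ap_free_sta(wpa_s->ifmsh->bss[0], sta)` dereferences both. The return value of `eloop_register_timeout()` is ignored here; if registration fails the STA presumably stays in PLINK_BLOCKED with nothing scheduled to release it. The start of mesh_auth_timer() is outside the hunk.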
@@ -304,6 +316,7 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
if (ret)
return ret;
+ eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta);
rnd = rand() % MESH_AUTH_TIMEOUT;
eloop_register_timeout(MESH_AUTH_TIMEOUT + rnd, 0, mesh_auth_timer,
wpa_s, sta);
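Review bot: The added `eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta)` has no comment saying which timer it removes, and with this commit a pending `mesh_auth_timer` can be either the short retry timer or the long block timer registered in the BLOCKED branch. A one-line comment would make the intent clear, e.g. `/* drop any pending retry/block timer so only one mesh_auth_timer is queued per STA */`. The cancel sits after `if (ret) return ret;`, so on the error return an already queued timer stays armed; that looks intended, but it is worth stating. The rest of mesh_rsn_auth_sae_sta() lies outside the hunk.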