It can happen if the station is unreachable or sleeping longer than the actual total GTK rekey timeout. To fix the latter case wpa_group_update_count may be increased. Signed-off-by: Günther Kelleter <guenther.kelleter@xxxxxxxxx> --- hostapd/hostapd.conf | 4 ++++ src/ap/wpa_auth.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 3abbb2b..77ff2fe 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1223,6 +1223,10 @@ own_ip_addr=127.0.0.1 # The number of times Message 1 in the RSNA Group Key Handshake is retried # per GTK Handshake attempt. +# This value should only be increased when stations are constantly +# deauthenticated during GTK rekeying with the log message +# "group key handshake failed...". +# You should consider to also increase wpa_pairwise_update_count then. # (dot11RSNAConfigGroupUpdateCount) # range 1..4294967295; default: 4 #wpa_group_update_count=4 diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index d04171e..ebe65a7 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -3127,6 +3127,10 @@ SM_STATE(WPA_PTK_GROUP, KEYERROR) sm->group->GKeyDoneStations--; sm->GUpdateStationKeys = FALSE; sm->Disconnect = TRUE; + wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, + "group key handshake failed (%s) after %u tries", + sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN", + sm->wpa_auth->conf.wpa_group_update_count); } -- 2.10.2.101.g2cc9ff1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
