Re: [PATCH] WPS: Use shorter authentication timeout during no-SelReg iteration for PBC mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Apr 12, 2018 at 11:48:29AM +0200, Michael Olbrich wrote:
> 5add4101626b23c11f073630770896465d9cc8f3 ('WPS: Use shorter authentication
> timeout during no-SelReg iteration') introduced the shorter timeout for PIN
> mode.
> A shorter timeout in PBC mode is useful for P2P. This allows authentication
> retries after lost packages, before the group formation times out.

I'm not sure I understood what the problem would be. Would you be able
to share a wpa_supplicant log with -dt on the command line (i.e.,
including timestamps) from a case where the current behavior is
undesired? Which frames are being lost here?

> I'm not sure if this is the correct fix. I want to avoid the 70 seconds
> timeout for P2P and this seemed the cleanest way to achieve this.

This is not the correct change:

> diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
> @@ -3920,7 +3920,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
>  #ifdef CONFIG_WPS
>  		if (wpa_s->current_ssid && wpa_s->current_bss &&
>  		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
> -		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
> +		    (eap_is_wps_pbc_enrollee(&wpa_s->current_ssid->eap) ||
> +		     eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap))) {
>  			/*
>  			 * Use shorter timeout if going through WPS AP iteration
>  			 * for PIN config method with an AP that does not

That comment is clearly documenting this to apply for the PIN case only.
This special case is explicitly for the WPS AP iteration case with APs
that do not advertise Selected Registrar flag. And that flag is always
set for the PBC cases.

If P2P would benefit from shorter timeouts, that should likely be done
as a P2P-specific change. However, I would first want to understand what
frames need to be lost to hit the case you are considering and whether
there would be better ways of retrying those frames rather than using
this upper layer timeout to retry the full WPS exchange.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux