Re: [PATCH 1/2] Minor PTK0 Rekey updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Feb 23, 2020 at 10:15:52PM +0100, Alexander Wetzel wrote:
>  - Refuse PTK0 rekey directly at EAPOL#1

That's already there (with minor whitespace difference), so this is not
needed.

>  - Add wpa_deny_ptk0_rekey to AP get_config() output when needed
>  - updated AP and wpa_supplicant config file comments.

Thanks, I'll apply those.

> I've also added the chunks with CONFIG_NO_SCAN_PROCESSING to learn why
> we can drop those chunks. How is the fast reconnect working with
> CONFIG_NO_SCAN_PROCESSING enabled and wpa_supplicant_connect() not
> compiled in? Just curious...

I had to drop those because it would break CONFIG_NO_SCAN_PROCESSING=y
builds. Furthermore, I don't think anyone should really use
CONFIG_NO_SCAN_PROCESSING=y builds or well, at least no one who is using
cfg80211/mac80211 drivers and ap_scan=1. As such, I don't think there is
much point in trying to make fast reconnect work with
CONFIG_NO_SCAN_PROCESSING=y.

> diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
> @@ -625,6 +625,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,

> +	if (sm->wpa_deny_ptk0_rekey &&
> +	    wpa_sm_get_state(sm) == WPA_COMPLETED) {
> +		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +			"WPA: PTK0 rekey not allowed, reconnecting");
> +		wpa_sm_reconnect(sm);
> +		return;
> +	}
>  
>  	if (sm->wpa_deny_ptk0_rekey && wpa_sm_get_state(sm) == WPA_COMPLETED) {
>  		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
.. this here is that exact same operation..

> diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
> @@ -3316,15 +3316,16 @@ static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s,

> -#ifndef CONFIG_NO_SCAN_PROCESSING
>  		wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS");
>  		if (wpa_supplicant_connect(wpa_s, fast_reconnect,
>  					   fast_reconnect_ssid) < 0) {
> +#ifndef CONFIG_NO_SCAN_PROCESSING

Cannot do that since wpa_supplicant_connect() is defined within a
#ifndef CONFIG_NO_SCAN_PROCESSING block..

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux