Re: [PATCH 09/15] AP: Add support for PASN comeback flow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 15, 2021 at 02:57:07PM +0200, Ilan Peer wrote:
>  hostapd/config_file.c |  2 ++
>  src/ap/ap_config.c    |  5 +++
>  src/ap/ap_config.h    |  6 ++++
>  src/ap/ieee802_11.c   | 72 +++++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 85 insertions(+)

> diff --git a/hostapd/config_file.c b/hostapd/config_file.c
> @@ -4675,6 +4675,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
> +	} else if (os_strcmp(buf, "pasn_comeback_after") == 0) {
> +		bss->pasn_comeback_after = atoi(pos);

This should be documented in hostapd/hostapd.conf.

> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> index 0b95a3d5c1..4f9a0c2d6e 100644
> --- a/src/ap/ieee802_11.c
> +++ b/src/ap/ieee802_11.c
> @@ -709,6 +709,10 @@ static int use_anti_clogging(struct hostapd_data *hapd)
>  			continue;
>  		open++;
>  #endif /* CONFIG_SAE */
> +#ifdef CONFIG_PASN
> +		if (sta->pasn && sta->pasn->ecdh)
> +			open++;
> +#endif /* CONFIG_PASN */
>  		if (open >= hapd->conf->anti_clogging_threshold)
>  			return 1;
>  	}

Is this PASN case specifically dependent on sta->sae != NULL? This code
will not be reached unless there is a pending SAE authentication, so
this does not look correct to me.. Should this be something like
following instead?

#ifdef CONFIG_SAE
	if (sta->sae &&
	    (sta->sae->state == SAE_COMMITTED ||
	     sta->sae->state == SAE_CONFIRMED))
		open++;
#endif /* CONFIG_SAE */
#ifdef CONFIG_PASN
	if (sta->pasn && sta->pasn->ecdh)
		open++;
#endif /* CONFIG_PASN */
	if (open >= hapd->conf->anti_clogging_threshold)
		return 1;

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux