mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
mesh: Use appropriate BLOCKED state duration
Previously, the BLOCKED state duration increased gradually up to 3600.
However, the BLOCKED state could be canceled earlier by ap_handle_timer(),
because that timer times out after ap_max_inactivity (default=300sec) and
removes the STA object (the object that retains the BLOCKED state).
This patch re-designs my commit bf51f4f82b
('mesh: Fix remaining BLOCKED state after SAE auth failure') to replace
mesh_auth_block_duration by ap_max_inactivity and remove incremental
duration.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
parent
5a34d359cd
commit
d774c46aae
@ -27,12 +27,12 @@
|
|||||||
|
|
||||||
#define MESH_AUTH_TIMEOUT 10
|
#define MESH_AUTH_TIMEOUT 10
|
||||||
#define MESH_AUTH_RETRY 3
|
#define MESH_AUTH_RETRY 3
|
||||||
#define MESH_AUTH_BLOCK_DURATION 3600
|
|
||||||
|
|
||||||
void mesh_auth_timer(void *eloop_ctx, void *user_data)
|
void mesh_auth_timer(void *eloop_ctx, void *user_data)
|
||||||
{
|
{
|
||||||
struct wpa_supplicant *wpa_s = eloop_ctx;
|
struct wpa_supplicant *wpa_s = eloop_ctx;
|
||||||
struct sta_info *sta = user_data;
|
struct sta_info *sta = user_data;
|
||||||
|
struct hostapd_data *hapd;
|
||||||
|
|
||||||
if (sta->sae->state != SAE_ACCEPTED) {
|
if (sta->sae->state != SAE_ACCEPTED) {
|
||||||
wpa_printf(MSG_DEBUG, "AUTH: Re-authenticate with " MACSTR
|
wpa_printf(MSG_DEBUG, "AUTH: Re-authenticate with " MACSTR
|
||||||
@ -43,23 +43,20 @@ void mesh_auth_timer(void *eloop_ctx, void *user_data)
|
|||||||
if (sta->sae_auth_retry < MESH_AUTH_RETRY) {
|
if (sta->sae_auth_retry < MESH_AUTH_RETRY) {
|
||||||
mesh_rsn_auth_sae_sta(wpa_s, sta);
|
mesh_rsn_auth_sae_sta(wpa_s, sta);
|
||||||
} else {
|
} else {
|
||||||
|
hapd = wpa_s->ifmsh->bss[0];
|
||||||
|
|
||||||
if (sta->sae_auth_retry > MESH_AUTH_RETRY) {
|
if (sta->sae_auth_retry > MESH_AUTH_RETRY) {
|
||||||
ap_free_sta(wpa_s->ifmsh->bss[0], sta);
|
ap_free_sta(hapd, sta);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* block the STA if exceeded the number of attempts */
|
/* block the STA if exceeded the number of attempts */
|
||||||
wpa_mesh_set_plink_state(wpa_s, sta, PLINK_BLOCKED);
|
wpa_mesh_set_plink_state(wpa_s, sta, PLINK_BLOCKED);
|
||||||
sta->sae->state = SAE_NOTHING;
|
sta->sae->state = SAE_NOTHING;
|
||||||
if (wpa_s->mesh_auth_block_duration <
|
|
||||||
MESH_AUTH_BLOCK_DURATION)
|
|
||||||
wpa_s->mesh_auth_block_duration += 60;
|
|
||||||
eloop_register_timeout(wpa_s->mesh_auth_block_duration,
|
|
||||||
0, mesh_auth_timer, wpa_s, sta);
|
|
||||||
wpa_msg(wpa_s, MSG_INFO, MESH_SAE_AUTH_BLOCKED "addr="
|
wpa_msg(wpa_s, MSG_INFO, MESH_SAE_AUTH_BLOCKED "addr="
|
||||||
MACSTR " duration=%d",
|
MACSTR " duration=%d",
|
||||||
MAC2STR(sta->addr),
|
MAC2STR(sta->addr),
|
||||||
wpa_s->mesh_auth_block_duration);
|
hapd->conf->ap_max_inactivity);
|
||||||
}
|
}
|
||||||
sta->sae_auth_retry++;
|
sta->sae_auth_retry++;
|
||||||
}
|
}
|
||||||
|
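Review bot: In the else branch of mesh_auth_timer(), the `duration=%d` value now logged from `hapd->conf->ap_max_inactivity` is a nominal figure rather than a timeout this function arms, because, per the commit message, the blocked peer is released only when ap_handle_timer() removes the STA entry. The block is what limits repeated SAE authentication failures from one peer, so coupling it to a setting operators tune for unrelated reasons deserves a comment at the `wpa_mesh_set_plink_state(wpa_s, sta, PLINK_BLOCKED);` line, for example `/* No unblock timer here: the STA entry, and with it the BLOCKED state, is removed by the AP inactivity timer after ap_max_inactivity seconds. */`. It is also worth confirming that the `sta->sae_auth_retry > MESH_AUTH_RETRY` branch is still reachable now that this path no longer re-registers mesh_auth_timer; the visible lines do not show another caller that would schedule it for a blocked STA. Part of the function body between the two hunks is not shown.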
@ -754,7 +754,6 @@ struct wpa_supplicant {
|
|||||||
unsigned int mesh_if_created:1;
|
unsigned int mesh_if_created:1;
|
||||||
unsigned int mesh_ht_enabled:1;
|
unsigned int mesh_ht_enabled:1;
|
||||||
unsigned int mesh_vht_enabled:1;
|
unsigned int mesh_vht_enabled:1;
|
||||||
int mesh_auth_block_duration; /* sec */
|
|
||||||
#endif /* CONFIG_MESH */
|
#endif /* CONFIG_MESH */
|
||||||
|
|
||||||
unsigned int off_channel_freq;
|
unsigned int off_channel_freq;
|
||||||
|