Fix WPA GTK rekeying with multiple VLANs

When using multiple VLANs, GKeyDoneStations counter is not updated properly since wpa_auth_for_each_sta() call in wpa_group_setkeys() ends up iterating through all STAs and not just the STAs of a specific wpa_group (VLAN). Consequently, GTK rekeying gets initialized multiple times if more than a single group state machine exists. Fix this by iterating only through the STAs in the specific wpa_group. Signed-hostap: Michael Braun <michael-dev@fami-braun.de> intended-for: hostap-1
12 years ago · 473b6f22e9
parent 462a7439e1
commit 473b6f22e9
1 changed files with 4 additions and 1 deletions
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -2444,6 +2444,9 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,

 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
 {
+	if (ctx != NULL && ctx != sm->group)
+		return 0;
+
 	if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
 				"Not in PTKINITDONE; skip Group Key update");
@ -2630,7 +2633,7 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
 			   group->GKeyDoneStations);
 		group->GKeyDoneStations = 0;
 	}
-	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
 	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
 		   group->GKeyDoneStations);
 }