From 4bb9b674c84b0647f127b660922739a69cd608fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Kelleter?= <guenther.kelleter@devolo.de>
Date: Mon, 6 Feb 2017 23:55:42 +0200
Subject: [PATCH] Add a log message when GTK rekeying failed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It can happen if the station is unreachable or sleeping longer than
the actual total GTK rekey timeout. To fix the latter case
wpa_group_update_count may be increased.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
---
 hostapd/hostapd.conf | 4 ++++
 src/ap/wpa_auth.c    | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 1fb1bd987..9e15615ec 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1223,6 +1223,10 @@ own_ip_addr=127.0.0.1
 
 # The number of times EAPOL-Key Message 1/2 in the RSN Group Key Handshake is
 #retried per GTK Handshake attempt. (dot11RSNAConfigGroupUpdateCount)
+# This value should only be increased when stations are constantly
+# deauthenticated during GTK rekeying with the log message
+# "group key handshake failed...".
+# You should consider to also increase wpa_pairwise_update_count then.
 # Range 1..4294967295; default: 4
 #wpa_group_update_count=4
 
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 8c082f426..a62ff7b3e 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3134,6 +3134,10 @@ SM_STATE(WPA_PTK_GROUP, KEYERROR)
 		sm->group->GKeyDoneStations--;
 	sm->GUpdateStationKeys = FALSE;
 	sm->Disconnect = TRUE;
+	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
+			 "group key handshake failed (%s) after %u tries",
+			 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
+			 sm->wpa_auth->conf.wpa_group_update_count);
 }