HS 2.0R2: Slow down connection attempts on EAP failures

This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2013-08-09 23:41:29 +03:00 committed by Jouni Malinen
parent 76a55a8e12
commit 8a77f1be86

View file

@ -4344,17 +4344,23 @@ void wpas_auth_failed(struct wpa_supplicant *wpa_s)
if (ssid->auth_failures > 50) if (ssid->auth_failures > 50)
dur = 300; dur = 300;
else if (ssid->auth_failures > 20)
dur = 120;
else if (ssid->auth_failures > 10) else if (ssid->auth_failures > 10)
dur = 60; dur = 120;
else if (ssid->auth_failures > 5) else if (ssid->auth_failures > 5)
dur = 90;
else if (ssid->auth_failures > 3)
dur = 60;
else if (ssid->auth_failures > 2)
dur = 30; dur = 30;
else if (ssid->auth_failures > 1) else if (ssid->auth_failures > 1)
dur = 20; dur = 20;
else else
dur = 10; dur = 10;
if (ssid->auth_failures > 1 &&
wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
dur += os_random() % (ssid->auth_failures * 10);
os_get_reltime(&now); os_get_reltime(&now);
if (now.sec + dur <= ssid->disabled_until.sec) if (now.sec + dur <= ssid->disabled_until.sec)
return; return;