HS 2.0R2: Slow down connection attempts on EAP failures
This is needed to limit the number of consecutive authentication attempts to no more than 10 within a 10-minute interval to avoid unnecessary load on the authentication server. In addition, use a random component in the delay to avoid multiple stations hitting the same timing in case of simultaneous disconnection from the network. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
76a55a8e12
commit
8a77f1be86
1 changed files with 9 additions and 3 deletions
|
@ -4344,17 +4344,23 @@ void wpas_auth_failed(struct wpa_supplicant *wpa_s)
|
||||||
|
|
||||||
if (ssid->auth_failures > 50)
|
if (ssid->auth_failures > 50)
|
||||||
dur = 300;
|
dur = 300;
|
||||||
else if (ssid->auth_failures > 20)
|
|
||||||
dur = 120;
|
|
||||||
else if (ssid->auth_failures > 10)
|
else if (ssid->auth_failures > 10)
|
||||||
dur = 60;
|
dur = 120;
|
||||||
else if (ssid->auth_failures > 5)
|
else if (ssid->auth_failures > 5)
|
||||||
|
dur = 90;
|
||||||
|
else if (ssid->auth_failures > 3)
|
||||||
|
dur = 60;
|
||||||
|
else if (ssid->auth_failures > 2)
|
||||||
dur = 30;
|
dur = 30;
|
||||||
else if (ssid->auth_failures > 1)
|
else if (ssid->auth_failures > 1)
|
||||||
dur = 20;
|
dur = 20;
|
||||||
else
|
else
|
||||||
dur = 10;
|
dur = 10;
|
||||||
|
|
||||||
|
if (ssid->auth_failures > 1 &&
|
||||||
|
wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
|
||||||
|
dur += os_random() % (ssid->auth_failures * 10);
|
||||||
|
|
||||||
os_get_reltime(&now);
|
os_get_reltime(&now);
|
||||||
if (now.sec + dur <= ssid->disabled_until.sec)
|
if (now.sec + dur <= ssid->disabled_until.sec)
|
||||||
return;
|
return;
|
||||||
|
|
Loading…
Reference in a new issue