[RFC PATCH] PMKSA: make deauthentication due to cache entry removal more granular

Jouni Malinen j
Sun Nov 25 12:09:49 PST 2012

On Mon, Aug 13, 2012 at 05:40:06PM -0500, Dan Williams wrote:
> Expiry can always trigger a deauthentication, but otherwise, deauthentication
> should only happen when the *current* cache entry is removed and not being
> replaced.  It should not happen when the current PMK just happens to match
> the PMK of the entry being removed, since multiple entries can have the same
> PMK and are often removed at different times.
> This fixes an issue where eviction of the oldest inactive entry due to adding
> a newer entry to a full cache caused a deauthentication when the entry being
> removed had the same PMK as the current entry.

Thanks, applied. Though, I also modified pmksa_cache_add() to avoid
clearing the sm->cur_pmksa pointer prior to calling
pmksa_cache_free_entry(PMKSA_REPLACE) since that skipping of
disconnection is now handled within the callback based on that new
PMKSA_REPLACE parameter.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list