[PATCH 0/4] Fix mesh anti-clogging functionality
Masashi Honma
masashi.honma
Wed Nov 26 17:26:37 PST 2014
2014-11-25 23:57 GMT+09:00 Jouni Malinen <j at w1.fi>:
> On Tue, Nov 25, 2014 at 11:04:39AM +0900, Masashi Honma wrote:
>> The mesh anti-clogging functionality is implemented partially. So it causes
>> some issues. This patchset implements it and fixes some issues.
>>
>> Masashi Honma (4):
>> mesh: Fix anti-clogging functionality for mesh
>> SAE: Fix Anti-Clogging Token request frame format
>
> Thanks! Applied those two with some changes.
>
>> SAE: Fix confirm frame tx on error path
>> SAE: Fix auth_transaction error handling
Thanks!
>
> As noted in previous emails, these do not look correct to me, so I
> dropped these. If there are issues with continuous frame exchanges in
> error cases, I'd claim that the other end of the connection should be
> fixed (and assuming that this is wpa_supplicant, those changes would be
> somewhere else in SAE/authentication processing). I did not see these
> issues when trying to force those error paths to trigger in
> infrastructure BSS cases (didn't try mesh, though).
Thank you for your review.
Unfortunately, continuous frame exchanges still occur in the mesh case.
And all peers are wpa_supplicant (all use identical source code).
My way to reproduce 3/4 is:
- use only 2 peers
- for peer1, set sae_anti_clogging_threshold to 0
- for peer2, insert test code into sae_check_confirm() to fail only the first time
The code is like this.
diff --git a/src/common/sae.c b/src/common/sae.c
index 87d49b6..76533bb 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -1024,11 +1024,18 @@ void sae_write_confirm(struct sae_data *sae,
struct wpabuf *buf)
wpabuf_put(buf, SHA256_MAC_LEN));
}
+static int first = 1;
int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len)
{
u8 verifier[SHA256_MAC_LEN];
+ if (first) {
+ first = 0;
+ wpa_printf(MSG_INFO, "SAE: %s failed", __func__);
+ return -1;
+ }
+
if (len < 2 + SHA256_MAC_LEN) {
wpa_printf(MSG_DEBUG, "SAE: Too short confirm message");
return -1;
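Review bot: `static int first = 1;` sits at file scope, so the injected failure in sae_check_confirm() is process-wide rather than tied to a struct sae_data or a peer; only the first confirm the process ever sees fails, which fits the two-peer reproduction but should be stated next to the flag. The early `return -1` is also placed before the length check, so the real verifier path is skipped on that call, and the MSG_INFO line "SAE: %s failed" is indistinguishable from a genuine failure in the log. If this goes beyond a local experiment, put it behind a test-only build guard and have the message say that the failure is injected.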
So I will modify previous patches to fix this matter.