[PATCH] wpa_auth: deplete group rekey eloop handler for strict rekeying

Johannes Berg johannes at sipsolutions.net
Wed Oct 25 01:06:10 PDT 2017

From: Johannes Berg <johannes.berg at intel.com>

When strict group rekeying is in effect, every station that leaves
will cause a rekeying to happen 0.5s after leaving. However, if a
lot of stations join/leave, the current code can postponing this
rekeying forever, since it always re-registers the handling with a
0.5s timeout.

Use eloop_deplete_timeout() to address that, only registering the
timeout from scratch if it wasn't pending.

Signed-off-by: Johannes Berg <johannes.berg at intel.com>
 src/ap/wpa_auth.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 8265fa1ca6d9..713bee068ac2 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -698,9 +698,10 @@ void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
 				"strict rekeying - force GTK rekey since STA "
 				"is leaving");
-		eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
-		eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
-				       NULL);
+		if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk,
+					  sm->wpa_auth, NULL) == -1)
+			eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
+					       NULL);
 	eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);

More information about the Hostap mailing list