[PATCH] WPS: Use shorter authentication timeout during no-SelReg iteration for PBC mode

Jouni Malinen j at w1.fi
Sat Apr 14 14:17:47 PDT 2018 

On Thu, Apr 12, 2018 at 11:48:29AM +0200, Michael Olbrich wrote:
> 5add4101626b23c11f073630770896465d9cc8f3 ('WPS: Use shorter authentication
> timeout during no-SelReg iteration') introduced the shorter timeout for PIN
> mode.
> A shorter timeout in PBC mode is useful for P2P. This allows authentication
> retries after lost packages, before the group formation times out.

I'm not sure I understood what the problem would be. Would you be able
to share a wpa_supplicant log with -dt on the command line (i.e.,
including timestamps) from a case where the current behavior is
undesired? Which frames are being lost here?

> I'm not sure if this is the correct fix. I want to avoid the 70 seconds
> timeout for P2P and this seemed the cleanest way to achieve this.

This is not the correct change:

> diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
> @@ -3920,7 +3920,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
>  #ifdef CONFIG_WPS
>  		if (wpa_s->current_ssid && wpa_s->current_bss &&
>  		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
> -		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
> +		    (eap_is_wps_pbc_enrollee(&wpa_s->current_ssid->eap) ||
> +		     eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap))) {
>  			/*
>  			 * Use shorter timeout if going through WPS AP iteration
>  			 * for PIN config method with an AP that does not

That comment is clearly documenting this to apply for the PIN case only.
This special case is explicitly for the WPS AP iteration case with APs
that do not advertise Selected Registrar flag. And that flag is always
set for the PBC cases.

If P2P would benefit from shorter timeouts, that should likely be done
as a P2P-specific change. However, I would first want to understand what
frames need to be lost to hit the case you are considering and whether
there would be better ways of retrying those frames rather than using
this upper layer timeout to retry the full WPS exchange.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list