[PATCH 09/15] AP: Add support for PASN comeback flow
Jouni Malinen
j at w1.fi
Tue Mar 16 16:23:44 GMT 2021
On Mon, Mar 15, 2021 at 02:57:07PM +0200, Ilan Peer wrote:
> hostapd/config_file.c | 2 ++
> src/ap/ap_config.c | 5 +++
> src/ap/ap_config.h | 6 ++++
> src/ap/ieee802_11.c | 72 +++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 85 insertions(+)
> diff --git a/hostapd/config_file.c b/hostapd/config_file.c
> @@ -4675,6 +4675,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
> + } else if (os_strcmp(buf, "pasn_comeback_after") == 0) {
> + bss->pasn_comeback_after = atoi(pos);
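Review bot: the atoi(pos) on the new pasn_comeback_after line does no validation, so a non-numeric value silently becomes 0 and a negative value is stored as given. Suggest parsing with a range check at this point and rejecting out-of-range input as a configuration error, so a typo in the config file is reported rather than turned into an unintended comeback setting.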
This should be documented in hostapd/hostapd.conf.
> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> index 0b95a3d5c1..4f9a0c2d6e 100644
> --- a/src/ap/ieee802_11.c
> +++ b/src/ap/ieee802_11.c
> @@ -709,6 +709,10 @@ static int use_anti_clogging(struct hostapd_data *hapd)
> continue;
> open++;
> #endif /* CONFIG_SAE */
> +#ifdef CONFIG_PASN
> + if (sta->pasn && sta->pasn->ecdh)
> + open++;
> +#endif /* CONFIG_PASN */
> if (open >= hapd->conf->anti_clogging_threshold)
> return 1;
> }
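Review bot: the added PASN test (sta->pasn && sta->pasn->ecdh) sits after the continue visible at the top of the hunk, so a station that takes that continue is skipped before its PASN state is looked at. A station that does reach the new lines has already passed the preceding open++ and is counted a second time. Suggest making the SAE and PASN tests independent of each other and stating in a comment whether one station may contribute more than one to open before it is compared with anti_clogging_threshold.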
Is this PASN case specifically dependent on sta->sae != NULL? This code
will not be reached unless there is a pending SAE authentication, so
this does not look correct to me. Should this be something like the
following instead?
#ifdef CONFIG_SAE
		if (sta->sae &&
		    (sta->sae->state == SAE_COMMITTED ||
		     sta->sae->state == SAE_CONFIRMED))
			open++;
#endif /* CONFIG_SAE */
#ifdef CONFIG_PASN
		if (sta->pasn && sta->pasn->ecdh)
			open++;
#endif /* CONFIG_PASN */
		if (open >= hapd->conf->anti_clogging_threshold)
			return 1;
--
Jouni Malinen PGP id EFC895FA
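
Added example, not part of the original message and not hostapd code: a small C model of the station loop that compares the placement in the quoted patch with the form suggested in the reply. The struct definitions, the count_open_* and demo_count names, and the SAE "continue" condition above the hunk (taken from the reply's description, since the page does not show it) are assumptions.

```c
#include <stdio.h>

/* Stand-in types for this example only; not hostapd's real structures. */
enum sae_state { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED };
struct sae_data { enum sae_state state; };
struct pasn_data { void *ecdh; };
struct sta_info { struct sta_info *next; struct sae_data *sae; struct pasn_data *pasn; };

/* Loop body as patched. The SAE "continue" condition is an assumption taken
 * from the reply: the code below it runs only with a pending SAE exchange. */
static int count_open_patched(struct sta_info *sta) {
	int open = 0;
	for (; sta; sta = sta->next) {
		if (!sta->sae || (sta->sae->state != SAE_COMMITTED &&
				  sta->sae->state != SAE_CONFIRMED))
			continue;
		open++;
		if (sta->pasn && sta->pasn->ecdh)
			open++;
	}
	return open;
}

/* Loop body as suggested in the reply: SAE and PASN tested independently. */
static int count_open_suggested(struct sta_info *sta) {
	int open = 0;
	for (; sta; sta = sta->next) {
		if (sta->sae && (sta->sae->state == SAE_COMMITTED ||
				 sta->sae->state == SAE_CONFIRMED))
			open++;
		if (sta->pasn && sta->pasn->ecdh)
			open++;
	}
	return open;
}

/* Constructed sample: three PASN-only stations, then one in SAE_COMMITTED. */
static int demo_count(int use_suggested) {
	static int key; /* dummy object so that ecdh is non-NULL */
	struct pasn_data p = { &key };
	struct sae_data s = { SAE_COMMITTED };
	struct sta_info sta[4] = { { &sta[1], NULL, &p }, { &sta[2], NULL, &p },
				   { &sta[3], NULL, &p }, { NULL, &s, NULL } };
	return use_suggested ? count_open_suggested(sta) : count_open_patched(sta);
}

int main(void) {
	printf("patched=%d suggested=%d\n", demo_count(0), demo_count(1));
	return 0;
}
```

With the patched placement the three PASN-only stations never contribute to the count, so they cannot push it toward anti_clogging_threshold; with the suggested form each pending exchange is counted.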