[PATCH 0/4] dpp: recover Enterprise provisioning from ROC dwell misalignment
Gustavo Bertoli
gubertoli at gmail.com
Tue Jun 23 08:57:13 PDT 2026

DPP Enterprise provisioning (sta-dot1x, certBag) is the hard case for GAS
when the Configurator is a station: GAS is then an off-channel
station-to-station rendezvous, each peer on the operating channel only
inside its own remain-on-channel (ROC) dwell, with no shared time base. The
external CA signing delay forces many comeback rounds and the large certBag
fragments the Configuration response, so one provisioning is many
off-channel exchanges -- and a frame sent just as the peer's ROC dwell has
lapsed is not received.

Upstream treats the first such miss as terminal: a missed comeback response
restarts the query on a new dialog token, abandoning the Configurator's
pending entry (keyed by dialog token), with no way to re-attempt the
rendezvous.

This series adds bounded, same-dialog-token recovery so a missed off-channel
exchange is retried when the dwells realign, keeping DPP Enterprise
provisioning alive rather than ending it.

These failure modes were observed on real off-channel hardware (a station
Configurator provisioning a station Enrollee) across repeated runs with
external CA signing delays up to 50 s: the unpatched tree loses
provisioning at the misaligned dwells, and this series recovers it.

1/4 gas_server: on a Comeback Request that arrives before the previous
    fragment's TX status, wait for that status instead of resending, which
    would supersede the in-flight frame and drop its ACK.

2/4 gas_query: add a per-query comeback_recover flag and a small
    gas_query_set_comeback_recover() opt-in so the recovery is limited to
    the DPP Enterprise certBag exchange (the Configuration Request that
    carries a CSR); gas_query_req() and its other callers
    (ANQP/Interworking/HS2.0, other DPP configs) stay unchanged.

3/4 gas_query: when recovering, retry the comeback request on the same
    dialog token (after a no-ACK, a missed response, or a duplicate
    fragment) instead of failing. A stuck leg is bounded by a fixed
    per-leg recovery watchdog (5 s).

4/4 tests: two values added to the existing dpp_test knob to inject a GAS
    comeback fault, and two DPP Enterprise regression tests, one per
    recovery case (a missed comeback response kept on the same dialog token,
    and a certBag fragment resumed after a lost ACK), each red on the
    unpatched tree.

Gustavo Bertoli (4):
  gas_server: resend a response fragment after a lost ACK
  gas_query: add comeback-recovery opt-in for DPP certBag
  gas_query: retry GAS comeback requests instead of failing
  tests: add DPP GAS comeback fault injection and regression tests

 src/common/dpp.h                |  2 +
 src/common/gas_server.c         | 41 ++++++++++++++++++
 tests/hwsim/test_dpp.py         | 82 ++++++++++++++++++++++++++++++++++++++
 wpa_supplicant/dpp_supplicant.c |  6 +++
 wpa_supplicant/gas_query.c      | 92 +++++++++++++++++++++++++++++++++++------
 wpa_supplicant/gas_query.h      |  2 +
 6 files changed, 213 insertions(+), 12 deletions(-)

--
2.39.5
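
Added example, not part of the posted series and not hostap code: a toy C model of why a pending entry keyed by dialog token is orphaned when a missed exchange restarts the query on a new token, and how a bounded same-token retry reaches it again. All names are hypothetical, the dwell pattern is constructed, and LEG_RETRY_BUDGET is an assumed stand-in for the 5 s per-leg watchdog.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model only: every name below is hypothetical, not hostap code. */
#define LEG_RETRY_BUDGET 3	/* assumed stand-in for the 5 s per-leg watchdog */
struct pending { bool used; unsigned char token; int next_frag, frags; };
struct outcome { bool provisioned; int orphaned; int retries; };

/* Configurator side: the pending response is found by dialog token only. */
static struct pending *lookup(struct pending *p, unsigned char token)
{
	return (p->used && p->token == token) ? p : NULL;
}

/* missed[i] != 0: exchange i fell outside the peer's ROC dwell (constructed). */
static struct outcome provision(bool recover, const int *missed, int n, int frags)
{
	struct pending srv = { true, 1, 0, frags };
	struct outcome out = { false, 0, 0 };
	unsigned char token = 1;
	int leg_retries = 0;

	for (int i = 0; i < n; i++) {
		if (missed[i]) {
			if (!recover) {
				/* restart on a new token: old entry is unreachable */
				out.orphaned = !lookup(&srv, ++token);
				return out;
			}
			if (++leg_retries > LEG_RETRY_BUDGET)
				return out;	/* bounded: give up on a stuck leg */
			out.retries++;
			continue;	/* same token, try again at the next dwell */
		}
		leg_retries = 0;
		struct pending *p = lookup(&srv, token);
		if (p && ++p->next_frag == p->frags) {
			p->used = false;	/* last fragment delivered */
			out.provisioned = true;
			return out;
		}
	}
	return out;
}

int main(void)
{
	const int missed[] = { 0, 1, 0, 1, 1, 0, 0 };	/* constructed dwell pattern */
	struct outcome a = provision(false, missed, 7, 4), b = provision(true, missed, 7, 4);
	printf("restart: ok=%d orphaned=%d; recover: ok=%d retries=%d\n",
	       a.provisioned, a.orphaned, b.provisioned, b.retries);
	return 0;
}
```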