diff mbox series

dpp: set cap on the PKEX timeout, and reduce once PKEX finishes

Message ID 20240906190514.620603-1-prestwoj@gmail.com (mailing list archive)
State Accepted, archived
Headers show
Series dpp: set cap on the PKEX timeout, and reduce once PKEX finishes | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
prestwoj/iwd-alpine-ci-fetch success Fetch PR
prestwoj/iwd-ci-gitlint success GitLint
prestwoj/iwd-ci-fetch success Fetch PR
prestwoj/iwd-alpine-ci-setupell success Prep - Setup ELL
prestwoj/iwd-ci-setupell success Prep - Setup ELL
prestwoj/iwd-ci-makedistcheck success Make Distcheck
prestwoj/iwd-ci-incremental_build success Incremental build not run PASS
prestwoj/iwd-alpine-ci-makedistcheck success Make Distcheck
prestwoj/iwd-alpine-ci-incremental_build success Incremental build not run PASS
prestwoj/iwd-ci-build success Build - Configure
prestwoj/iwd-alpine-ci-build success Build - Configure
prestwoj/iwd-ci-makecheckvalgrind success Make Check w/Valgrind
prestwoj/iwd-ci-makecheck success Make Check
prestwoj/iwd-ci-clang success clang PASS
prestwoj/iwd-alpine-ci-makecheckvalgrind success Make Check w/Valgrind
prestwoj/iwd-alpine-ci-makecheck success Make Check
prestwoj/iwd-ci-testrunner success test-runner PASS

Commit Message

James Prestwood Sept. 6, 2024, 7:05 p.m. UTC 
If we scan a huge number of frequencies the PKEX timeout can get
rather large. This was overlooked in a prior patch who's intent
was to reduce the PKEX time, but in these cases it increased it.
Now the timeout will be capped at 2 minutes, but will still be
as low as 10 seconds for a single frequency.

In addition there was no timer reset once PKEX was completed.
This could cause excessive waits if, for example, the peer left
the channel mid-authentication. IWD would just wait until the
long PKEX timeout to eventually reset DPP. Once PKEX completes
we can assume that this peer will complete authentication quickly
and if not, we can fail.
---
 src/dpp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Comments

Denis Kenzior Sept. 8, 2024, 10:27 p.m. UTC | #1 
Hi James,

On 9/6/24 2:05 PM, James Prestwood wrote:
> If we scan a huge number of frequencies the PKEX timeout can get
> rather large. This was overlooked in a prior patch who's intent
> was to reduce the PKEX time, but in these cases it increased it.
> Now the timeout will be capped at 2 minutes, but will still be
> as low as 10 seconds for a single frequency.
> 
> In addition there was no timer reset once PKEX was completed.
> This could cause excessive waits if, for example, the peer left
> the channel mid-authentication. IWD would just wait until the
> long PKEX timeout to eventually reset DPP. Once PKEX completes
> we can assume that this peer will complete authentication quickly
> and if not, we can fail.
> ---
>   src/dpp.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 

Applied, thanks.

Regards,
-Denis
diff mbox series

Patch

diff --git a/src/dpp.c b/src/dpp.c
index 6f2d45c2..03e2a7a6 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -2831,6 +2831,12 @@  static bool dpp_pkex_start_authentication(struct dpp_sm *dpp)
 
 	dpp_property_changed_notify(dpp);
 
+	/*
+	 * No longer waiting for an arbitrary peer to respond, reduce the
+	 * timeout now that we are proceeding to authentication
+	 */
+	dpp_reset_protocol_timer(dpp, DPP_AUTH_PROTO_TIMEOUT);
+
 	if (dpp->role == DPP_CAPABILITY_ENROLLEE) {
 		dpp->new_freq = dpp->current_freq;
 
@@ -4283,10 +4289,11 @@  static uint32_t *dpp_default_freqs(struct dpp_sm *dpp, size_t *out_len)
 
 static void __dpp_pkex_start_enrollee(struct dpp_sm *dpp)
 {
+	uint32_t timeout = minsize(DPP_PKEX_PROTO_TIMEOUT,
+			dpp->freqs_len * DPP_PKEX_PROTO_PER_FREQ_TIMEOUT);
 	dpp->current_freq = dpp->freqs[0];
 
-	dpp_reset_protocol_timer(dpp,
-			dpp->freqs_len * DPP_PKEX_PROTO_PER_FREQ_TIMEOUT);
+	dpp_reset_protocol_timer(dpp, timeout);
 
 	l_debug("PKEX start enrollee (id=%s)", dpp->pkex_id ?: "unset");