From patchwork Thu Jan 12 19:32:09 2023
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13098674
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH v2 1/4] eapol: implement rekey support for authenticator
Date: Thu, 12 Jan 2023 11:32:09 -0800
Message-Id: <20230112193212.568476-1-prestwoj@gmail.com>

The only changes required was to set the secure bit for message 1, reset the frame retry counter, and change the 2/4 verifier to use the rekey flag rather than ptk_complete. This is because we must set ptk_complete false in order to detect retransmissions of the 4/4 frame. Initiating a rekey can now be done by simply calling eapol_start().

--- src/eapol.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index 22b2d5d1..2048a87d 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1086,8 +1086,6 @@ static void eapol_send_ptk_1_of_4(struct eapol_sm *sm) handshake_state_new_anonce(sm->handshake); - sm->handshake->ptk_complete = false; - sm->replay_counter++; memset(ek, 0, EAPOL_FRAME_LEN(sm->mic_len));
@@ -1111,6 +1109,12 @@ static void eapol_send_ptk_1_of_4(struct eapol_sm *sm) eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16); + if (sm->handshake->ptk_complete) { + ek->secure = true; + sm->rekey = true; + sm->handshake->ptk_complete = false; + } + ek->header.packet_len = L_CPU_TO_BE16(EAPOL_FRAME_LEN(sm->mic_len) + EAPOL_KEY_DATA_LEN(ek, sm->mic_len) - 4); @@ -1589,7 +1593,7 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, l_debug("ifindex=%u", sm->handshake->ifindex); - if (!eapol_verify_ptk_2_of_4(ek, sm->handshake->ptk_complete)) + if (!eapol_verify_ptk_2_of_4(ek, sm->rekey)) return; if (L_BE64_TO_CPU(ek->key_replay_counter) != sm->replay_counter) @@ -2482,6 +2486,8 @@ static void eapol_eap_complete_cb(enum eap_result result, void *user_data) /* sm->mic_len will have been set in eapol_eap_results_cb */ + sm->frame_retry = 0; + /* Kick off 4-Way Handshake */ eapol_ptk_1_of_4_retry(NULL, sm); } 
@@ -2873,6 +2879,8 @@ bool eapol_start(struct eapol_sm *sm) if (L_WARN_ON(!sm->handshake->have_pmk)) return false; + sm->frame_retry = 0; + /* Kick off handshake */ eapol_ptk_1_of_4_retry(NULL, sm); }

From patchwork Thu Jan 12 19:32:10 2023
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13098675
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH v2 2/4] eapol: detect message 2/4 retransmits
Date: Thu, 12 Jan 2023 11:32:10 -0800
Message-Id: <20230112193212.568476-2-prestwoj@gmail.com>
In-Reply-To: <20230112193212.568476-1-prestwoj@gmail.com>
References: <20230112193212.568476-1-prestwoj@gmail.com>

If the authenticator has already set an snonce then the packet must be a retransmit. Handle this by sending 3/4 again but making sure to not reset the frame counter.

--- src/eapol.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index 2048a87d..c1ef8f90 100644 --- a/src/eapol.c +++ b/src/eapol.c
@@ -1645,12 +1645,18 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, sm->handshake->support_ip_allocation = ip_req_kde != NULL; } + /* + * If the snonce is already set don't reset the retry counter as this + * is a rekey. To be safe take the most recent snonce (in this frame) + * in case the station created a new one. + */ + if (!sm->handshake->have_snonce) + sm->frame_retry = 0; + memcpy(sm->handshake->snonce, ek->key_nonce, sizeof(sm->handshake->snonce)); sm->handshake->have_snonce = true; - sm->frame_retry = 0; - eapol_ptk_3_of_4_retry(NULL, sm); }

From patchwork Thu Jan 12 19:32:11 2023
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13098676
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH v2 3/4] ap: support PTK rekeys
Date: Thu, 12 Jan 2023 11:32:11 -0800
Message-Id: <20230112193212.568476-3-prestwoj@gmail.com>
In-Reply-To: <20230112193212.568476-1-prestwoj@gmail.com>
References: <20230112193212.568476-1-prestwoj@gmail.com>

This adds support for rekeys to AP mode. A single timer is used and reset to the next station needing a rekey. A default rekey timer of 600 seconds is used unless the profile sets a timeout.

--- src/ap.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/src/ap.c b/src/ap.c index 1d937103..ef819724 100644 --- a/src/ap.c
+++ b/src/ap.c @@ -60,6 +60,8 @@ #include "src/band.h" #include "src/common.h" +#define AP_DEFAULT_REKEY_SECONDS 600 + struct ap_state { struct netdev *netdev; struct l_genl_family *nl80211; @@ -106,6 +108,9 @@ struct ap_state { struct l_dbus_message *scan_pending; struct l_queue *networks; + struct l_timeout *rekey_timeout; + unsigned int rekey_time; + bool started : 1; bool gtk_set : 1; bool netconfig_set_addr4 : 1; @@ -137,6 +142,7 @@ struct sta_state { bool wsc_v2; struct l_dhcp_lease *ip_alloc_lease; bool ip_alloc_sent; + uint64_t rekey_time; bool ht_support : 1; bool ht_greenfield : 1; @@ -345,6 +351,11 @@ static void ap_reset(struct ap_state *ap) l_queue_destroy(ap->networks, l_free); ap->networks = NULL; } + + if (ap->rekey_timeout) { + l_timeout_remove(ap->rekey_timeout); + ap->rekey_timeout = NULL; + } } static bool ap_event_done(struct ap_state *ap, bool prev_in_event) @@ -377,6 +388,8 @@ static bool ap_event(struct ap_state *ap, enum ap_event_type event, return ap_event_done(ap, prev); } +static void ap_reset_rekey_timeout(struct ap_state *ap); + static void ap_del_station(struct sta_state *sta, uint16_t reason, bool disassociate) { 
@@ -439,6 +452,89 @@ static void ap_del_station(struct sta_state *sta, uint16_t reason, ap_event_done(ap, prev); } + + ap_reset_rekey_timeout(ap); +} + +static void ap_start_rekey(struct ap_state *ap, struct sta_state *sta) +{ + l_debug("Rekey STA "MAC, MAC_STR(sta->addr)); + + eapol_start(sta->sm); +} + +static void ap_rekey_timeout(struct l_timeout *timeout, void *user_data) +{ + struct ap_state *ap = user_data; + + l_timeout_remove(timeout); + + ap_reset_rekey_timeout(ap); +} + +/* + * Used to initiate any rekeys which are due and reset the rekey timer to the + * next soonest station needing a rekey. + * + * TODO: Could adapt this to also take into account the next GTK rekey and + * service that as well. But GTK rekeys are not yet supported in AP mode. + */ +static void ap_reset_rekey_timeout(struct ap_state *ap) +{ + const struct l_queue_entry *e; + uint64_t now = l_time_now(); + uint64_t next = 0; + + if (!ap->rekey_time) + return; + + /* Find the station(s) that need a rekey and start it */ + for (e = l_queue_get_entries(ap->sta_states); e; e = e->next) { + struct sta_state *sta = e->data; + + if (!sta->associated || !sta->rsna) + continue; + + if (l_time_before(now, sta->rekey_time)) { + uint64_t diff = l_time_diff(now, sta->rekey_time); + + /* Finding the next rekey time */ + if (next < diff) + next = diff; + + continue; + } + + ap_start_rekey(ap, sta); + } + + /* + * Set the next rekey to the station needing it the soonest, or NULL + * if a single station and wait until the rekey is complete to reset + * the timer. + */ + if (next) + ap->rekey_timeout = l_timeout_create(l_time_to_secs(next), + ap_rekey_timeout, ap, NULL); + else + ap->rekey_timeout = NULL; +} + +static void ap_set_sta_rekey_timer(struct ap_state *ap, struct sta_state *sta) +{ + if (!ap->rekey_time) + return; + + sta->rekey_time = l_time_now() + ap->rekey_time - 1; + + /* + * First/only station authenticated, set rekey timer. 
Any more stations + * will just set their rekey time and be serviced by the single callback + */ + if (!ap->rekey_timeout) + ap->rekey_timeout = l_timeout_create( + l_time_to_secs(ap->rekey_time), + ap_rekey_timeout, ap, NULL); } static bool ap_sta_match_addr(const void *a, const void *b) @@ -479,6 +575,8 @@ static void ap_new_rsna(struct sta_state *sta) sta->rsna = true; + ap_set_sta_rekey_timer(ap, sta); + event_data.mac = sta->addr; event_data.assoc_ies = sta->assoc_ies; event_data.assoc_ies_len = sta->assoc_ies_len; @@ -1372,6 +1470,9 @@ static void ap_handshake_event(struct handshake_state *hs, sta->hs->go_ip_addr = IP4_FROM_STR(own_addr_str); break; } + case HANDSHAKE_EVENT_REKEY_COMPLETE: + ap_set_sta_rekey_timer(ap, sta); + return; default: break; } 
@@ -3628,6 +3729,19 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config, l_strfreev(strvval); } + if (l_settings_has_key(config, "General", "RekeyTimeout")) { + unsigned int uintval; + + if (!l_settings_get_uint(config, "General", + "RekeyTimeout", &uintval)) { + l_error("AP [General].RekeyTimeout is not valid"); + return -EINVAL; + } + + ap->rekey_time = uintval * L_USEC_PER_SEC; + } else + ap->rekey_time = AP_DEFAULT_REKEY_SECONDS * L_USEC_PER_SEC; + /* * Since 5GHz won't ever support only CCK rates we can ignore this * setting on that band.

From patchwork Thu Jan 12 19:32:12 2023
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13098677
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH v2 4/4] doc: Document RekeyTimeout for AP profiles
Date: Thu, 12 Jan 2023 11:32:12 -0800
Message-Id: <20230112193212.568476-4-prestwoj@gmail.com>
In-Reply-To: <20230112193212.568476-1-prestwoj@gmail.com>
References: <20230112193212.568476-1-prestwoj@gmail.com>

--- src/iwd.ap.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/iwd.ap.rst b/src/iwd.ap.rst index 823aba99..ce402f91 100644 --- a/src/iwd.ap.rst +++ b/src/iwd.ap.rst
@@ -67,6 +67,13 @@ The group ``[General]`` contains general AP configuration. ensure the country is set, and that the desired frequency/channel is unrestricted. + * - RekeyTimeout + - Timeout for PTK rekeys (seconds) + + The time interval at which the AP starts a rekey for a given station. If + not provided a default value of 600 seconds is used. A value of 0 will + disable PTK rekeys completely. + Network Authentication Settings -------------------------------
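
Review bot: In [PATCH v2 1/4], hunk @@ -1111,6 +1109,12 @@ of eapol_send_ptk_1_of_4(), the Secure bit is keyed on sm->handshake->ptk_complete, which this same block clears, while the first hunk's context shows ek being zeroed with memset() on every call. If eapol_ptk_1_of_4_retry() re-enters this function to retransmit message 1 during a rekey, ptk_complete is already false and the retransmitted frame goes out with secure unset, unlike the first copy. Consider latching the state once and deriving the bit from it, for example `if (sm->handshake->ptk_complete) { sm->rekey = true; sm->handshake->ptk_complete = false; }` followed by `ek->secure = sm->rekey;`, and state where sm->rekey is cleared again.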
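
Review bot: In [PATCH v2 2/4], hunk @@ -1645,12 +1645,18 @@ of eapol_handle_ptk_2_of_4(), the test `if (!sm->handshake->have_snonce)` cannot tell a retransmitted 2/4 from the first 2/4 of a rekey, because nothing in the visible lines of this series clears have_snonce when a rekey starts, so it is still true from the initial handshake. In that case frame_retry is not reset and any retries already counted for message 1 reduce the retransmit budget for 3/4. Consider clearing have_snonce in the rekey branch that 1/4 adds to eapol_send_ptk_1_of_4(). The new comment also says "as this is a rekey" where the commit message says the frame is a retransmit; the comment should match the intended case.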
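
Review bot: In [PATCH v2 3/4], hunk @@ -439,6 +452,89 @@, ap_reset_rekey_timeout() uses `if (next < diff) next = diff;`, which keeps the largest remaining interval, so with several stations the timer is armed for the station whose rekey is furthest away, contrary to the comment about "the next soonest station"; since next starts at 0, a test such as `if (!next || diff < next)` is needed. The function is also called from ap_del_station(), and on that path ap->rekey_timeout is overwritten (or set to NULL) without l_timeout_remove(), so a still-armed timer is leaked and fires in addition to the new one; removing any existing timer at the top of the function would cover both callers. A station whose rekey is already due also gets ap_start_rekey() again on every call until HANDSHAKE_EVENT_REKEY_COMPLETE refreshes its rekey_time, which deserves a guard.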
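
Review bot: In [PATCH v2 3/4], hunk @@ -3628,6 +3729,19 @@ of ap_load_config(), the assignment `ap->rekey_time = uintval * L_USEC_PER_SEC;` stores microseconds into a field that the ap_state hunk declares as `unsigned int rekey_time`, so where unsigned int is 32 bits any RekeyTimeout above 4294 seconds is silently truncated, and a value that truncates to 0 disables rekeying through the `if (!ap->rekey_time) return;` checks. Declare the field uint64_t, as sta_state's rekey_time already is, or reject out-of-range values through the existing l_error()/-EINVAL path, and document the accepted range in iwd.ap.rst.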