From 184c3efcb32c9f22beeb2308bb1a3749a118ffc1 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Fri, 6 Sep 2024 12:05:14 -0700 Subject: [PATCH] dpp: set cap on the PKEX timeout, and reduce once PKEX finishes If we scan a huge number of frequencies the PKEX timeout can get rather large. This was overlooked in a prior patch who's intent was to reduce the PKEX time, but in these cases it increased it. Now the timeout will be capped at 2 minutes, but will still be as low as 10 seconds for a single frequency. In addition there was no timer reset once PKEX was completed. This could cause excessive waits if, for example, the peer left the channel mid-authentication. IWD would just wait until the long PKEX timeout to eventually reset DPP. Once PKEX completes we can assume that this peer will complete authentication quickly and if not, we can fail. --- src/dpp.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/dpp.c b/src/dpp.c index 6f2d45c2..03e2a7a6 100644 --- a/src/dpp.c +++ b/src/dpp.c @@ -2831,6 +2831,12 @@ static bool dpp_pkex_start_authentication(struct dpp_sm *dpp) dpp_property_changed_notify(dpp); + /* + * No longer waiting for an arbitrary peer to respond, reduce the + * timeout now that we are proceeding to authentication + */ + dpp_reset_protocol_timer(dpp, DPP_AUTH_PROTO_TIMEOUT); + if (dpp->role == DPP_CAPABILITY_ENROLLEE) { dpp->new_freq = dpp->current_freq; @@ -4283,10 +4289,11 @@ static uint32_t *dpp_default_freqs(struct dpp_sm *dpp, size_t *out_len) static void __dpp_pkex_start_enrollee(struct dpp_sm *dpp) { + uint32_t timeout = minsize(DPP_PKEX_PROTO_TIMEOUT, + dpp->freqs_len * DPP_PKEX_PROTO_PER_FREQ_TIMEOUT); dpp->current_freq = dpp->freqs[0]; - dpp_reset_protocol_timer(dpp, - dpp->freqs_len * DPP_PKEX_PROTO_PER_FREQ_TIMEOUT); + dpp_reset_protocol_timer(dpp, timeout); l_debug("PKEX start enrollee (id=%s)", dpp->pkex_id ?: "unset");