diff mbox series

[v2,4/4] doc: Document RekeyTimeout for AP profiles

Message ID 20230112193212.568476-4-prestwoj@gmail.com (mailing list archive)
State New
Series [v2,1/4] eapol: implement rekey support for authenticator

Checks

Context                      Check    Description
tedd_an/pre-ci_am            success  Success
prestwoj/iwd-ci-gitlint      success  GitLint

Commit Message

James Prestwood Jan. 12, 2023, 7:32 p.m. UTC
---
 src/iwd.ap.rst | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Denis Kenzior Jan. 13, 2023, 3:19 p.m. UTC | #1
Hi James,

On 1/12/23 13:32, James Prestwood wrote:
> ---
>   src/iwd.ap.rst | 7 +++++++
>   1 file changed, 7 insertions(+)
> 
> diff --git a/src/iwd.ap.rst b/src/iwd.ap.rst
> index 823aba99..ce402f91 100644
> --- a/src/iwd.ap.rst
> +++ b/src/iwd.ap.rst
> @@ -67,6 +67,13 @@ The group ``[General]`` contains general AP configuration.
>          ensure the country is set, and that the desired frequency/channel is
>          unrestricted.
>   
> +   * - RekeyTimeout
> +     - Timeout for PTK rekeys (seconds)
> +
> +       The time interval at which the AP starts a rekey for a given station. If
> +       not provided a default value of 600 seconds is used. A value of 0 will
> +       disable PTK rekeys completely.

So the default should be 0 (disabled).  Many older Linux kernels can't support 
pairwise rekeys without (the potential) for leaking cleartext packets during the 
process.  iwd checks for the presence of NL80211_EXT_FEATURE_CAN_REPLACE_PTK0. 
If the driver isn't capable of this, we actually disconnect when the 
Authenticator requests a rekey.

> +
>   Network Authentication Settings
>   -------------------------------
>   

Regards,
-Denis

Patch

diff --git a/src/iwd.ap.rst b/src/iwd.ap.rst
index 823aba99..ce402f91 100644
--- a/src/iwd.ap.rst
+++ b/src/iwd.ap.rst
@@ -67,6 +67,13 @@  The group ``[General]`` contains general AP configuration.
        ensure the country is set, and that the desired frequency/channel is
        unrestricted.
 
+   * - RekeyTimeout
+     - Timeout for PTK rekeys (seconds)
+
+       The time interval at which the AP starts a rekey for a given station. If
+       not provided a default value of 600 seconds is used. A value of 0 will
+       disable PTK rekeys completely.
+
 Network Authentication Settings
 -------------------------------
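
Review bot: the RekeyTimeout description turns PTK rekeys on by default ("If not provided a default value of 600 seconds is used") without stating any requirement on the station side. As the review reply in this thread points out, many older Linux kernels cannot do a pairwise rekey without potentially leaking cleartext packets, and an iwd station whose driver lacks NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 disconnects when the authenticator requests a rekey, so with this default such a client would be disconnected when the AP starts the rekey. Either document the default as 0 (disabled), as requested in the reply, or add a sentence to the entry saying that enabling the option can disconnect stations that cannot rekey safely. The summary line also calls the value a "Timeout" while the body describes "the time interval at which the AP starts a rekey"; a summary such as "Interval between PTK rekeys (seconds)" would match the description.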