From f1f0ada0c614f1e1353d271e345feb3fafa9d7e7 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Thu, 6 Dec 2012 14:57:06 -0600 Subject: [PATCH] wifi: always enable proactive key caching for WPA Enterprise (rh #834444) Proactive Key Caching (also called Opportunistic Key Caching) allows fast roaming between access points in the same SSID on large enterprise or university networks. Previously it was only enabled for EAP-GTC but there's no reason to restrict it only to that EAP type, as all large wifi deployments can benefit from it. --- src/supplicant-manager/nm-supplicant-config.c | 22 +++++++------------ 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c index a91413fabe..21b525826a 100644 --- a/src/supplicant-manager/nm-supplicant-config.c +++ b/src/supplicant-manager/nm-supplicant-config.c @@ -720,6 +720,13 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, */ if (!nm_supplicant_config_add_option (self, "bgscan", "simple:30:-45:300", -1, FALSE)) nm_log_warn (LOGD_SUPPLICANT, "Error enabling background scanning for ESS roaming"); + + /* When using WPA-Enterprise, we want to use Proactive Key Caching (also + * called Opportunistic Key Caching) to avoid full EAP exchanges when + * roaming between access points in the same mobility group. + */ + if (!nm_supplicant_config_add_option (self, "proactive_key_caching", "1", -1, FALSE)) + return FALSE; } } @@ -738,7 +745,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, gboolean success, added; GString *phase1, *phase2; const GByteArray *array; - gboolean peap = FALSE, fast = FALSE; + gboolean fast = FALSE; guint32 i, num_eap; gboolean fast_provisoning_allowed = FALSE; @@ -786,25 +793,12 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); - if (method && (strcasecmp (method, "peap") == 0)) - peap = TRUE; if (method && (strcasecmp (method, "fast") == 0)) { fast = TRUE; priv->fast_required = TRUE; } } - /* When using PEAP-GTC, we're likely using Cisco kit, so we want to turn - * on PMKSA caching so that roaming between access points actually works - * without a full reauth (which requires a new token code). We may want - * to extend this to all PEAP phase2 methods at some point. - */ - value = nm_setting_802_1x_get_phase2_auth (setting); - if (peap && value && (strcasecmp (value, "gtc") == 0)) { - if (!nm_supplicant_config_add_option (self, "proactive_key_caching", "1", -1, FALSE)) - return FALSE; - } - /* Drop the fragment size a bit for better compatibility */ if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE)) return FALSE;