Add a log message when GTK rekeying failed

It can happen if the station is unreachable or sleeping longer than
the actual total GTK rekey timeout. To fix the latter case
wpa_group_update_count may be increased.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
Günther Kelleter 8 years ago
Parent
commit
4bb9b674c8
2 files changed with 8 additions and 0 deletions
  1. 4 0
      hostapd/hostapd.conf
  2. 4 0
      src/ap/wpa_auth.c

+ 4 - 0
hostapd/hostapd.conf

@@ -1223,6 +1223,10 @@ own_ip_addr=127.0.0.1
 
 # The number of times EAPOL-Key Message 1/2 in the RSN Group Key Handshake is
 #retried per GTK Handshake attempt. (dot11RSNAConfigGroupUpdateCount)
+# This value should only be increased when stations are constantly
+# deauthenticated during GTK rekeying with the log message
+# "group key handshake failed...".
+# You should consider to also increase wpa_pairwise_update_count then.
 # Range 1..4294967295; default: 4
 #wpa_group_update_count=4
 
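Review bot: The added comment tells the admin to raise wpa_pairwise_update_count as well but gives no reason and no guidance on how the two values relate, so the last added line reads as an unexplained instruction. The commit message names two causes for the failure (station unreachable, or sleeping longer than the total rekey timeout) and says raising the count helps only the latter; it would be worth saying that here too, so the value is not raised for stations that are simply gone. Wording nit: "consider to also increase" should be "consider also increasing". Since the message is emitted at LOGGER_INFO, the comment could also mention that info-level logging must be enabled for the admin to see the trigger string at all.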

+ 4 - 0
src/ap/wpa_auth.c

@@ -3134,6 +3134,10 @@ SM_STATE(WPA_PTK_GROUP, KEYERROR)
 		sm->group->GKeyDoneStations--;
 	sm->GUpdateStationKeys = FALSE;
 	sm->Disconnect = TRUE;
+	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
+			 "group key handshake failed (%s) after %u tries",
+			 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
+			 sm->wpa_auth->conf.wpa_group_update_count);
 }
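Review bot: The "after %u tries" argument is the configured limit, sm->wpa_auth->conf.wpa_group_update_count, not a count of the retries this station actually went through, so the message is accurate only if KEYERROR can be entered solely by exhausting the retries. If any other path leads into this state, the log will report a number of tries that never happened; printing the state machine's own retry counter, or rewording to "(limit %u)", avoids that. Separately, this branch sets sm->Disconnect = TRUE, so the station is about to be dropped; LOGGER_INFO seems low for an event the hostapd.conf comment asks admins to look for, and a higher level would make it visible in default logging setups.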