EAPOL frame too short error with Cisco 1200 AP

Jouni Malinen jkmaline at cc.hut.fi
Tue Jun 1 23:14:34 EDT 2004


On Tue, Jun 01, 2004 at 01:11:56PM -0400, Derek Schuff wrote:

> It seems to be enabling WPA and associating but i get this error message:
> 
> WPA: EAPOL frame too short, len 46, expecting at least 99

That is not an error.

> These APs have multiple SSIDs, and they advertise a different SSID 
> (ornl-visitor) than the one I want (ornlwpa) so scanning is enabled.

If I remember correctly, I haven't tested Host AP driver with Cisco AP
and secondary SSID, but I know that wpa_supplicant works with another
driver in that kind of configuration. Host AP driver was able to use an
AP that did not include SSID in the beacon (but did include matching WPA
IE, what the Cisco AP might not do in all cases).

> Starting AP scan (specific SSID)
> Scan SSID - hexdump_ascii(len=7):
>      6f 72 6e 6c 77 70 61                              ornlwpa
> Wireless event: cmd=0x8b19 len=12
> Received 1813 bytes of scan results (9 BSSes)
> Scan results: 9
> 0: 00:0c:85:60:f1:b4 ssid='ornlwpa' wpa_ie_len=24 rsn_ie_len=0
> Trying to associate with 00:0c:85:60:f1:b4 (SSID='ornlwpa' freq=2412 MHz)
> WPA: using IEEE 802.11i/D3.0
> WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 
> 00 50 f2 02 01 00 00 50 f2 01

> Wireless event: cmd=0x8b1a len=19
> RX EAPOL from 00:0c:85:60:f1:b4
> EAPOL frame received in disassociated state - dropped
> Wireless event: cmd=0x8b15 len=20
> Wireless event: new AP: 00:0c:85:60:f1:b4
> Association event - clear replay counter
> Associated to a new BSS: BSSID=00:0c:85:60:f1:b4

This is a race condition in the client. Notification of the association
event is processed after having received the first EAPOL frame from the
AP. I should probably change wpa_supplicant to process this frame anyway
or at least first try to verify whether the driver reports a matching
BSSID even though the association event has not yet been received. The
dropped frames was most probably EAP-Request Identity.

Anyway, it looks like the association did succeed.

> EAPOL: SUPP_PAE entering state CONNECTING
> EAPOL: txStart

wpa_supplicant is sending EAPOL-Start message immediately, so the
dropped identity request should not be an issue. Authenticator should
reply to EAPOL-Start by sending a new EAP-Request Identity, which is
does:

> EAPOL: Received EAP-Packet frame
> EAP: Received EAP-Request method=1 id=2
> EAP: EAP entering state IDENTITY
> EAP: EAP-Request Identity data - hexdump_ascii(len=0):

wpa_supplicant replies:

> EAP: using real identity - hexdump(len=9): 74 65 73 74 5f 75 73 65 72
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp

> EAPOL: SUPP_BE entering state RECEIVE
> 
> -->Heres what I think the real error message is, but i could be wrong
> WPA: EAPOL frame too short, len 46, expecting at least 99

This is not an error message (well, at least in most cases). Both the
IEEE 802.1X and WPA state machines process the incoming frames and the
EAPOL frames from 802.1X state machines are ignored in the WPA
processing (like here). I'm not sure whether you removed some lines
here, but this log file does not look correct. wpa_supplicant (the IEEE
802.1X part) is supposed to process the following EAP packets. In this
case, the authentication server should send EAP-Request for its default
authentication method.

> -->If I let it go, it just repeats, so I kill it here.

Please send a log file that includes more attempts.. In addition, please
also make a packet capture from the wlan0 interface and send it to me.
For example, with "tcpdump -s 1500 -w wlan0.dump -i wlan0" records
packets to wlan0.dump. You can also use Ethereal for this. Please also
include the .config file you used when compiling wpa_supplicant.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list