RSN-IE mismatch and WPA2 preauth

Zimmermann, Christopher Brian (Chris) cbzimmermann at agere.com
Wed Jan 26 10:32:30 EST 2005


I am doing something very similar to that.  I keep a local copy of the
scan results I report via .get_scan_results function.  When I report
EVENT_ASSOCINFO, and before I report EVENT_ASSOC...I actually change the
wpa_s->ap_rsn_ie field.

-----Original Message-----
From: Jouni Malinen [mailto:jm at jm.kir.nu] On Behalf Of Jouni Malinen
Sent: Tuesday, January 25, 2005 11:20 PM
To: Zimmermann, Christopher Brian (Chris)
Cc: hostap at shmoo.com
Subject: Re: RSN-IE mismatch and WPA2 preauth

On Tue, Jan 25, 2005 at 10:47:37AM -0500, Zimmermann, Christopher Brian
(Chris) wrote:

> The firmware is generating the WPA/RSN IE, being configured by the
> driver based on the params argument passed to the .associate function.
> 
> I do update the assoc-req and assoc-rsp IEs in the EVENT_ASSOCINFO,
upon
> connection or AP change status notifications. 

OK. This is the mode that I haven't really tested that much. When
wpa_supplicant selects which AP to use, it can update the WPA/RSN IE
based on the scan results. When driver takes care of its own WPA/RSN IE
processing, all cases need to be synchronized with the supplicant.

In some way, that EVENT_ASSOCINFO is lacking one part, i.e.,
beacon/proberesp IEs.. Another option would be to keep a local copy of
the scan results in the supplicant and if needed, query driver for the
scan results if the new BSSID is not in the wpa_supplicant data
structures.

I will need to go through couple of driver implementations to check
which option can be implemented in all drivers (for which I have access
to this kind of details). EVENT_ASSOCINFO extension would probably be
easiest to implement in wpa_supplicant, but I may want to have the
local scan results anyway (e.g., to make them available through
ctrl_iface).

> Complete log attached.

Thanks! That showed the problem case nicely. I think I have tested
similar pre-authentication case with different IEs before, but only with
drivers that allowed wpa_supplicant to select the AP and, thus, get the
correct IE. It's quite likely that I have only used the same AP model
(i.e., same IE in all APs) when testing driver controlled roaming.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list