Authentication timeout problem in wpa supplicant and madwifi driver combination

[Jagadish]

Hi,
       I am facing a problem with wpa supplicant(version 0.4.8) and 
madwifi(0.9.3) driver combination. I am using linux kernel version 
2.6.16.13-4.

_Deployment:_

I have two access points (AP1 and AP2) with following setup.

AP1: essid- linksys, security mode- WPA, pass phrase: abcd
AP2: essid- linksys, security mode- WPA, pass phrase: abcdefg

NOTE: AP1 is nearer to the wireless station than AP2. So, wpa supplicant 
tries to associate with AP1 first, if it fails to associate with AP1, 
then tries with AP2.

The wpa_supplicant.conf file has following configuration. Deliberately 
passphrase(abcdefg) is given to match station's configuration with the 
configuration of AP2 and not with AP1.

network={
ssid="linksys"
key_mgmt=WPA-PSK
pairwise=TKIP CCMP
psk="abcdefg"
proto=WPA
}

I modified the authentication timeouts in wpa supplicant and 
experimented. The authentication timeouts in wpa supplicant source code are:

   1.

      Timeout for open association is 200 msecs.(Default 5 secs) (T1)
      (In function wpa_supplicant_associate())

   2.

      Timeout for getting first packet of 4-way handshake is 2
      secs.(Default 10 secs) (T2)(In function wpa_supplicant_event_assoc())

   3.

      Timeout for getting third packet of 4-way handshake is 3
      secs.(Default 10 secs) (T3)(In function wpa_supplicant_rx_eapol())

      Problem:

Test1:

With the above setup, wpa supplicant is started. It tried to associate 
with AP1. It failed(authentication timeout because of 4-way handshake 
failure. This is due to MIC check failure at AP. So, AP retransmits the 
first message of 4-way handshake.) to associate with AP1 because of 
wrong pass phrase. Then it tried to associate with AP2. It 
failed(because of open association timeout) to associate with AP2.

At madwifi driver:

When station tried to associate with AP2, open authentication request is 
sent and observed authentication tx timeout occurred in syslogs. But in 
ethereal I have observed authentication response packet coming to 
station. Because of this, station failed to associate with AP2.

The expected behavior is to successfully associate with AP2. But this is 
not happening.


Test2:

I tried to test this with timeout T3(timeout for getting third packet of 
4-way handshake), increased to 5 secs. Now after failing association 
with AP1, station successfully associated with AP2.

The only difference I observed between test1 and test2 is,

In test1, authentication timeout of wpa supplicant with AP1 is happening 
and wpa supplicant is sending disassociation notification to driver 
which is in turn sent to AP1. Here disassociation is triggered at wpa 
supplicant(station side).

Where as in test2, as we have increased T3 to 5 secs, after some 
retransmissions of first message of 4-way handshake, AP1 sends 
deauthentication packet to station. Here deauthentication is triggered 
at AP side.


thanks in advance,
Jagadish