Held State after a Authentication Fail. Help to understand this state.

Jouni Malinen j at w1.fi
Tue May 13 16:01:17 EDT 2008


On Tue, May 13, 2008 at 04:27:42PM -0300, Douglas Diniz wrote:

> I'm asking because i have a setup where hostap receive a Start several times
> while in Held State, so i'm afraid that when the quietPeriod goes to 0 the
> following scenario  occur:
> 
> 1-) Hostap goes from held state to restart state, sending a request identity
> 2-) Just after that hostap receive a Start, re-sending a Request Identity
> 3-) In this meanwhile wpa supplicant receive the first request identity and
> send a response identity.
> 4-) The second Request Identity is received by wpa supplicant, which abort
> the authentication.
> 
> This could occur?

The steps 1 to 3 can happen and they do indeed happen quite frequently
with many supplicant implementations and if you follow the EAPOL state
machine definitions in 802.1X, both supplicant and authenticator are
trying to initialize authentication at the same time whenever the port
becomes enabled. wpa_supplicant is actually delaying the initial
EAPOL-Start to avoid the extra frames since in case of wireless networks
the AP/Authenticator will always know when a new supplicant appears and
can start new authentication immediately without any need for
EAPOL-Start.

However, step 4 does not result in supplicant aborting the
authentication. wpa_supplicant will reply to both identity requests and
authenticator will use the second reply since that is for the last
pending request. Authentication continues normally after that so the
only "problem" is the two unnecessary frames due to the duplicated
identity request.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list