data transmission failes for hostapd and wpa_supplicant

Jouni Malinen j at w1.fi
Tue Oct 28 09:56:26 EDT 2008


On Mon, Oct 27, 2008 at 03:07:02PM +0100, laptopcss at gmx.de wrote:

> I'm working with hostapd and wpa_supplicant. Based on the topic trusted Computing I want to transmit during a EAP-TLS /EAP-TTLS handshake my current measurement list. At the moment it has a size of 99200 byte. The problem is that the transmission ends after 24800 byte because the buffer is full. The whole process collaps because the measurement list is not transmitted complete and the check cannot be fullfilled.

That's quite a large amount measurement data.. Anyway, TNC-IFT does
actually require support for up to 100 kilobytes in IF-TNCCS messages,
so in that sense, this would be fine. However..

The current hostapd and wpa_supplicant implementations have a limit on
maximum number of EAP round-trips to avoid infinite loops between the
server and peer in error cases. However, this will also limit the
maximum size of data that can be transmitted over the EAP-TTLS tunnel. I
would suggest a test run with the maximum values increased from 50 to,
say, 100 (or even larger, if needed). This can be done be changing the
EAP_MAX_AUTH_ROUNDS value in src/eap_peer/eap.c and
src/eap_server/eap.c. If this resolves the problem for you, I could
consider changing the hard limit in the future releases or making it
somehow depend on whether TNC is used or not.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list