[PATCH] Fix: EAPOL frame handling timing problem

Masashi Honma honma at ictec.co.jp
Tue Jun 2 02:30:29 EDT 2009


Hello.

I couldn't complete the WPA 4-way handshake.
I've gotten some messages

WPA: Could not verify EAPOL-Key MIC - dropping packet
WPA: Could not verify EAPOL-Key MIC - dropping packet
WPA: Could not verify EAPOL-Key MIC - dropping packet
WPA: Could not verify EAPOL-Key MIC - dropping packet
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

in the wpa_supplicant_verify_eapol_key_mic function.

I have investigated this and found out that association event
handling occurred later than handling of the first EAPOL-Key frame
(from the AP) in my own environment.
This does not mean the real wireless frames came in this order.
I looked at the captured wireless frames and checked that the order was correct.

In other words, the wpa_sm_notify_assoc function call happens
later than wpa_supplicant_process_1_of_4.
Therefore sm->tptk_set is unexpectedly set to 0.

So I made the patch below, and with it I could connect stably.

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index d03e9da..4d85050 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1627,7 +1627,11 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
 		return;
 	wpa_drv_poll(wpa_s);
 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
-		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
+		if (wpa_s->wpa_state >= WPA_ASSOCIATED)
+			wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
+		else
+			wpa_printf(MSG_INFO, "WPA: Not associated - dropped "
+				   "EAPOL packet");
 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
 		/*
 		 * Set portValid = TRUE here since we are going to skip 4-way
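
Review bot: The new else branch discards the frame whenever wpa_s->wpa_state is below WPA_ASSOCIATED, so message 1/4 is lost and the handshake completes only if the AP retransmits it. The description says the frames arrived in the correct order on the air and only the association event was processed late, so consider holding the frame and passing it to wpa_sm_rx_eapol() once the association event has been handled, rather than dropping it. Separately, the inner if/else is added without braces under the outer if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)), which leaves the following else if (wpa_key_mgmt_wpa_ieee8021x(...)) depending on else-binding rules. It still binds to the outer if, but compilers warn about this shape, so wrap the new inner if/else in braces. MSG_INFO may also be too loud if this path is hit on every association; MSG_DEBUG would fit better.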

Regards,
Masashi Honma.

