[wpa_supplicant/WPA] request for clarification
holgerschurig at gmail.com
Mon Jul 19 09:21:36 EDT 2010
> I'm using the wpa_supplicant 0.6.10, the source code cross compiled
> from Debian sources.
cross-compiled sounds like your on some embedded device. Which WLAN driver do
you use, which CPU type?
I'm asking this because it might be the case that your WLAN driver isn't
totally little-endian/big-endian clean. Proper source annotation and "sparse"
can help you in discovering this kind of errors.
> One is the "blacklist". Please consider the following snippet:
> 1279286521.334725: Authentication with c0:3f:0e:49:6a:ca timed out.
> 1279286521.334790: CTRL_IFACE monitor send - hexdump(len=21): 2f 74 6d
> 70 2f 77 70 61 5f 63 74 72 6c 5f 32 39 32 36 2d 31 00
> 1279286521.334926: CTRL_IFACE monitor: 111 - Connection refused
> 1279286521.334984: Added BSSID c0:3f:0e:49:6a:ca into blacklist
> 1279286521.335034: wpa_driver_wext_disassociate
> 1279286521.497794: No keys have been configured - skip key clearing
> 1279286521.497841: State: 4WAY_HANDSHAKE -> DISCONNECTED
> I can understand that the authentication has timed out.
Can you *really* understand why it times out? I can't. If you have one client
and only one AP, then it shouldn't time out.
You can shed more light into this issue if you take a third computer, put it
on the channel of the AP and monitor all packets via wireshark.
I see that you still use WEXT (side note: it's outdated, don't make new
development with WEXT technology, use NL80211 instead). So it might even be
the case that you have a WLAN card where the card itself does the association
part of 802.11. You could even have something like a lost interrupt.
> But from the other hand I don't know why the connection is refused
Some upper layer assumes that a timed out association (client sent the 802.11
association request packet, but did not receive the 802.11 association
response packet) equals to a "connection refused" error. That's a follow-up
error. The first error is more important here.
> and then wpa_supplicant is putting the AP to the "blacklist".
wpa_supplicant tried to associate to this AP. But this AP didn't answer. So
for now, wpa_supplicant assumes that this AP is broken. Therefore the AP ends
up on the blacklist. This makes sure that on the next try (if you have more
than one AP), it won't be tried again, but a another one instead.
> I'm using 4WAY_HANDSHAKE EAP authentication.
This is here irrelevant, as 802.11 association request / association response
and 802.11 authentication request / authentication response must happen before
that. Only then can the 4-way handshake start.
> 1279286521.499053: BSSID 00:00:00:00:00:00 blacklist count incremented
> to 2
> 1279286521.499108: CTRL-EVENT-DISCONNECTED - Disconnect event - remove
That's quite wacky. Maybe your driver sends strange WEXT events.
What does "iwevent" say during this?
Maybe you need to call "iwevent" with some arguments to see all the gory
details, I forgot as I abandoned iwconfig and other WEXT friends nine months
More information about the HostAP