wpa_supplicant WPA2-PSK authentification times

Schulte Stefan Stefan.Schulte at VIEGA.DE
Mon Mar 8 08:55:09 EST 2010


On Mon, Mar 08, 2010 at 10:31:19AM +0100, Schulte Stefan wrote:


>> The 4way handshake stuff takes considerable time when roaming, so I take it that something with the configuration is wrong (either on supplicant or authentificator side), as I read comments that it shouldn't take longer than some 100 milliseconds.

>4-way handshake should not really take more than couple of milliseconds
with a good implementation (in both ends)..

I misread some figures... I came up with a new bottleneck, which is the background scan for new BSS. It seems that my client is switching over to the next AP only if the new one is out of reach for some time and therefor lost connection? How do you turn on background scanning? Using the wext driver.
There are some settings for roaming treshold etc in the cisco wlan controller, but do I have to set the roaming behaviour in the supplicant aswell?:

1268040566.248831: RTM_NEWLINK: operstate=1 ifi_flags=0x1003 ([UP])
1268040566.248859: RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
1268040566.256185: RTM_NEWLINK: operstate=1 ifi_flags=0x1003 ([UP])
1268040566.256205: RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
1268040566.256214: Wireless event: cmd=0x8b15 len=20
1268040566.256221: Wireless event: new AP: 00:00:00:00:00:00
1268040566.256248: Setting scan request: 0 sec 100000 usec
1268040566.256262: Added BSSID 00:24:98:99:37:12 into blacklist
1268040566.256274: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
1268040566.256280: wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
1268040566.256307: wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
1268040566.256320: wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
1268040566.256332: wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
1268040566.256344: wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
1268040566.256357: State: COMPLETED -> DISCONNECTED
1268040566.256364: wpa_driver_wext_set_operstate: operstate 1->0 (DORMANT)
1268040566.256372: WEXT: Operstate: linkmode=-1, operstate=5
1268040566.256400: EAPOL: External notification - portEnabled=0
1268040566.256406: EAPOL: SUPP_PAE entering state DISCONNECTED
1268040566.256412: EAPOL: SUPP_BE entering state INITIALIZE
1268040566.256421: EAPOL: External notification - portValid=0
1268040566.256427: EAPOL: External notification - EAP success=0
1268040566.358581: State: DISCONNECTED -> SCANNING
1268040566.358590: Starting AP scan (broadcast SSID)
1268040566.358596: Trying to get current scan results first without requesting a new scan to speed up initial association
1268040566.358640: Received 0 bytes of scan results (0 BSSes)
1268040566.358653: Cached scan results are empty - not posting
1268040566.358658: Selecting BSS from priority group 0
1268040566.358663: Try to find WPA-enabled AP
1268040566.358668: Try to find non-WPA AP
1268040566.358673: No APs found - clear blacklist and try again
1268040566.358677: Removed BSSID 00:24:98:99:37:12 from blacklist (clear)
1268040566.358687: Selecting BSS from priority group 0
1268040566.358691: Try to find WPA-enabled AP
1268040566.358696: Try to find non-WPA AP
1268040566.358700: No suitable AP found.
1268040566.358708: Setting scan request: 0 sec 0 usec
1268040566.358722: Starting AP scan (broadcast SSID)
1268040566.358793: Scan requested (ret=0) - scan timeout 30 seconds


Supplicant requested the driver to scan for bss now that former AP connection is already lost for several seconds?
And scan takes 3 seconds?


1268040569.364787: RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
1268040569.364806: RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
1268040569.364858: Wireless event: cmd=0x8b19 len=8
1268040569.364966: Received 1195 bytes of scan results (3 BSSes)
1268040569.364987: CTRL-EVENT-SCAN-RESULTS


>> Currently it takes about 8 seconds roughly. The log output with timestamps and my wpa_supplicant configuration file can be found in this mails attachment.

>No attachment found.

Sorry, forgot to attach the logs.. stupid me. A small snippet is attached to this mail...

My wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant

ap_scan=2
#fast_reauth=1
eapol_version=2


### Logistics WPA2-PSK
network={
        #proactive_key_caching=1
        ssid="Logistik"
        key_mgmt=WPA-PSK
        proto=RSN
        pairwise=CCMP
        group=CCMP
        #psk="+++++++"
        psk=+++++
}



Thanks for your generous help.



Mit freundlichen Grüßen

Stefan Schulte
GB Finanzen und IT
IT-Logistik

Viega GmbH & Co. KG
Zum langen Acker 7, D-57439 Attendorn
Telefon (+49) 2722 61 35 85, Telefax (+49) 2722 61 94 35 85
Email: stefan.schulte at viega.de <http://www.viega.de/>



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20100308/4cfa52bd/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logerror.zip
Type: application/x-zip-compressed
Size: 4875 bytes
Desc: logerror.zip
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20100308/4cfa52bd/attachment-0001.bin 


More information about the HostAP mailing list