Prioritizing authentication pkts & resending failed EAPOL pkts?
greearb at candelatech.com
Thu Feb 3 18:13:11 EST 2011
On 02/03/2011 02:57 PM, Jouni Malinen wrote:
> On Thu, Feb 03, 2011 at 12:18:56PM -0800, Ben Greear wrote:
>> So first question: Is the auth traffic prioritized over regular traffic?
> That depends on the driver, so this is somewhat of an incorrect mailing
> list for that question.. Anyway, many management frame subtypes are
> often sent at higher priority when QoS/WMM is enabled.
>> Second: Any idea how to go about fixing up the retransmit logic per
>> this TODO:
>> /* TODO: re-send EAPOL-Key couple of times (with short delay
>> * between them?). If all attempt fail, report error and
>> * deauthenticate STA so that it will get new keys when
>> * authenticating again (e.g., after returning in range).
>> * Separate limit/transmit state needed both for unicast and
>> * broadcast keys(?) */
> Are you really looking at IEEE 802.1X and dynamic WEP keys? Sounds kind
> of pointless in this day and age with all the security issues identified
> with WEP. WPA/WPA2 4-way handshake do retransmit EAPOL-Key frames even
> without the lowlevel ack since the station needs to reply to the frames.
>> Here's a filtered part of the log showing ack-failure msgs...
>> 1296763802.180575: 1296763802.365012: IEEE 802.1X: 00:0c:42:61:00:78 TX status - version=2 type=3 length=95 - ack=0
> These frames are retransmitted at higher layer by the WPA/WPA2 4-way
> handshake authenticator, i.e., the comment above does not apply for
Ok. I saw those ack=0 messages, and then very shortly after the
4-way auth failed because sm->TimeoutCtr > dot11RSNAConfigPairwiseUpdateCount.
dot11RSNAConfigPairwiseUpdateCount is 4 on my system. I assumed that
the lack of ack was directly responsible..but maybe it's just a symptom.
Seems that 80 stations do ok..it's only when I get up above 100 that
I have troubles..and it seems that HT40 cause more problems than
when I'm using HT20.
I believe I'm using pretty standard auth/encryption, but could
be wrong about that:
# My hacks
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the HostAP