wpa_supplicant TKIP countermeasures

Dan Williams dcbw at redhat.com
Fri Nov 16 12:35:39 EST 2012


On Fri, 2012-11-16 at 12:11 -0500, Jonathan Bagg wrote:
> Question about TKIP countermeasures in wpa_supplicant....After three 
> "Event MICHAEL_MIC_FAILURE (2) received" I see wpa_supplicant say "TKIP 
> countermeasures started", and then disconnects, but never reconnects 
> after 60 seconds (5.2.17 step #8 in Wi-Fi CERTIFIED n System 
> Interoperability Test Plan) Running wpa_supplicant v1.0
> 
> Is wpa_supplicant supposed to handle the reconnect or is it up to the 
> user / higher level software?

Looks like the supplicant blacklists that AP, disconnects, and then we
have:

/* TODO: mark the AP rejected for 60 second. STA is
 * allowed to associate with another AP.. */

Countermeasures get turned off after 60 seconds, but then we depend on a
scan to call wpa_supplicant_pick_network(), which will clear the
blacklist if no APs are found and countermeasures is off.

Is anything requesting a scan after that 60 seconds is over?  If you
trigger a scan from the control interface after countermeasures are
turned off, does it find the AP and reconnect?

Dan



More information about the HostAP mailing list