wpa_supplicant TKIP countermeasures
jbagg at lenbrook.com
Wed Nov 21 09:45:15 EST 2012
On 12-11-18 06:16 AM, Jouni Malinen wrote:
> On Fri, Nov 16, 2012 at 12:11:53PM -0500, Jonathan Bagg wrote:
>> Question about TKIP countermeasures in wpa_supplicant....After three
>> "Event MICHAEL_MIC_FAILURE (2) received" I see wpa_supplicant say "TKIP
>> countermeasures started", and then disconnects, but never reconnects
>> after 60 seconds (5.2.17 step #8 in Wi-Fi CERTIFIED n System
>> Interoperability Test Plan) Running wpa_supplicant v1.0
> This works fine in my tests.. When wpa_supplicant initiated TKIP
> countermeasures, it disconnected, added the BSSID of the AP into
> blacklist, and started scanning. After 60 seconds, TKIP countermeasures
> were stopped and the next scan was allowed to clear the blacklist. At
> this point, connection went through with the same AP.
>> Is wpa_supplicant supposed to handle the reconnect or is it up to the
>> user / higher level software?
> Yes, wpa_supplicant is supposed to find another AP (if available and
> enabled in configuration) or connect back to the same AP after 60
Thank you for the info.
> Which driver are you using? How do you configure ap_scan parameter in
> wpa_supplicant? Could you please send wpa_supplicant debug log with
> timestamps (-dt on command line) from a case where there was no
supplicant output -> http://upgrade.nadelectronics.com/wifi/wpa_log_2.txt
packet sniff -> http://upgrade.nadelectronics.com/wifi/all-2.pkt
cw1200 (Sony-Ericson chipset) The driver hasn't made it to the kernel
yet. To my knowledge, we are not configuring the ap_scan parameter. It
appears that the device is trying to reconnect right after the
countermeasures disconnect but fails, and after 60 seconds, it doesn't
not attempt to connect. Unfortunately I don't know how to simulate MIC
failures, so we are relaying on the test lab. wpa_supplicant was
wpa_supplicant -D nl80211 -i wlan0 -c /var/data/wpa.conf -dt >
The wpa.conf file wouldn't be much different than what is below witha
different SSID and psk.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the HostAP