about "IBSS RSN: Add a timeout for Authentication frame exchange"

Antonio Quartulli ordex at autistici.org
Wed Aug 28 14:37:15 EDT 2013


On Wed, Aug 28, 2013 at 08:28:43PM +0200, Nicolas Cavallari wrote:
> On 28/08/2013 19:08, Antonio Quartulli wrote:
> > - assuming that both the peers support Auth exchange, in case of frame loss, I
> >   think it would be better to delete the station and try again, rather than
> >   ignoring the Auth exchange at all. What do you think?
> 
> Especially since this is what will happen anyway since your kernel patch
> to expire unauthenticated stations has been applied.
> 

Right. So this will happen automatically.

> Manually resending an authentication frame might be another option, but
> it will not work if the peer does not support auth exchange at all.

In the latter case the other peer will immediately start sending EAPOL 1/4.
So we will do the same right after.

> 
> On the other hand, starting an EAPOL exchange in a lossy environment is
> a bad idea, even if both peers run wpasupplicant on linux. This can
> easily end up in conditions where one peer will detect a hacking
> attempt and the exchange will stall, or even in funnier things when
> EAPOL 4/4 is dropped, since the supplicant has security enforced and the
> authenticator has not.

I'd simply not optimise the case "what if packet loss occurs" and I'd try to
stick to the current behaviour.


Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara