about "IBSS RSN: Add a timeout for Authentication frame exchange"

[Antonio Quartulli]

On Wed, Aug 28, 2013 at 08:46:40PM +0200, Nicolas Cavallari wrote:
> On 28/08/2013 20:37, Antonio Quartulli wrote:
> > On Wed, Aug 28, 2013 at 08:28:43PM +0200, Nicolas Cavallari wrote:
> >> On 28/08/2013 19:08, Antonio Quartulli wrote:
> >>> - assuming that both the peers support Auth exchange, in case of frame loss, I
> >>>   think it would be better to delete the station and try again, rather than
> >>>   ignoring the Auth exchange at all. What do you think?
> >>
> >> Especially since this is what will happen anyway since your kernel patch
> >> to expire unauthenticated stations has been applied.
> >>
> > 
> > Right. So this will happen automatically.
> > 
> >> Manually resending an authentication frame might be another option, but
> >> it will not work if the peer does not support auth exchange at all.
> > 
> > In the latter case the other peer will immediately start sending EAPOL 1/4.
> > So we will do the same right after.
> 
> Not necessarily. If i remember the standard correctly, the decision to
> try to authenticate with peers is a local policy. The other peer may
> simply not try to authenticate with you, but it must respond to your
> request anyway.

In section 10.3.4 the standard says that Authentication is optional in an IBSS,
but does not specify what to do in case of Auth reception.

However 10.3.4.3 says what a station should do on Auth reception and in this
case it does not state anything about the possibility of not answering.
Therefore I think you were right: a STA in an IBSS must respond to the request.


-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20130829/1fec3b05/attachment.pgp>