about "IBSS RSN: Add a timeout for Authentication frame exchange"

Jouni Malinen j at w1.fi
Thu Aug 29 04:39:20 EDT 2013


On Thu, Aug 29, 2013 at 12:32:58AM +0200, Antonio Quartulli wrote:
> On Wed, Aug 28, 2013 at 08:46:40PM +0200, Nicolas Cavallari wrote:
> > On 28/08/2013 20:37, Antonio Quartulli wrote:
> > > On Wed, Aug 28, 2013 at 08:28:43PM +0200, Nicolas Cavallari wrote:
> > >> On 28/08/2013 19:08, Antonio Quartulli wrote:
> > >>> - assuming that both the peers support Auth exchange, in case of frame loss, I
> > >>>   think it would be better to delete the station and try again, rather than
> > >>>   ignoring the Auth exchange at all. What do you think?

I don't care much about the exact mechanism used here as long as it
works. The reason for the timeout mechanism to move to EAPOL exchange
was in the previous implementation resulting in constant failures in the
automated hwsim test cases that are run after each hostap.git commit.
That said, I think the implementation should be robust enough to work
even if the peer device does not support Authentication frame exchange.

> > >> Especially since this is what will happen anyway since your kernel patch
> > >> to expire unauthenticated stations has been applied.

We need to work with devices that use other implementations that this
specific one..

> > >> Manually resending an authentication frame might be another option, but
> > >> it will not work if the peer does not support auth exchange at all.
> > > 
> > > In the latter case the other peer will immediately start sending EAPOL 1/4.
> > > So we will do the same right after.

There is no guarantee on the peer initiating EAPOL exchange here. If the
local device wants to set up the keys for the link, it better initiate
the exchange.

> In section 10.3.4 the standard says that Authentication is optional in an IBSS,
> but does not specify what to do in case of Auth reception.
> 
> However 10.3.4.3 says what a station should do on Auth reception and in this
> case it does not state anything about the possibility of not answering.
> Therefore I think you were right: a STA in an IBSS must respond to the request.

I don't care what the standard says if deployed stations do not comply..
Whatever is implemented in wpa_supplicant needs to work with other
devices out there.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list