DHCPDISCOVER at times not encrypted

Dan Williams dcbw at redhat.com
Mon May 6 17:00:56 EDT 2013


On Mon, 2013-05-06 at 18:43 +0000, Garcia, Paul D wrote:
> > >
> > > Thanks for the input.
> > >
> > > I process each line of:
> > >
> > > def runProcess(exe):
> > >     proc = subprocess.Popen(exe, shell=True, stdout=subprocess.PIPE,
> > stderr=subprocess.STDOUT)
> > >     while (True):
> > >         return_code = proc.poll()  # returns None while subprocess is running
> > >         line = proc.stdout.readline().strip()
> > >         yield line
> > >         if (return_code is not None):
> > >             break
> > >
> > > looking for:
> > >
> > > 	if line.find('EAP-MSCHAPV2: Authentication succeeded') >= 0:
> > > 	# 'if 'EAP- MSCHAPV2...' in line:' would probably be more efficient
> > 
> > You want to watch for a state transition to COMPLETED, not just that EAP
> > succeeded, or if you're not doing verbose debugging, then:
> > 
> > CTRL-EVENT-CONNECTED - Connection to <BSSID> completed (auth)
> > 
> > Otherwise there's a race because the connection isn't completely up yet
> > when the EAP log message is printed, since there's a bunch of steps after
> > that to derive keys and complete the association.
> > 
> 
> Yes, how careless of me.  I can see where this would have the station attempt connection without encryption.  I do see the output containing the text you describe and will make the change.  Also, you mention verbose output and watching for state transition.  I will investigate this as well.

Add "-d" to the supplicant exec line, and then look for:

wlan0: State: GROUP_HANDSHAKE -> COMPLETED

But you'll always get the CTRL-EVENT-CONNECTED message in any debug
level, so you might as well use that instead of COMPLETED.

Dan




More information about the HostAP mailing list