<div>Hi Jouni,</div><div><br></div><div>> Do you know what is causing the authentication to take more than 10<br>> seconds? That sounds pretty excessive for P2P use cases..</div><div><br></div><div>Suppose the association fails due to timeout [Auth/Assoc frame is sent but </div>
<div>received no response], then I see that Authentication timeout happens only</div><div>after 10secs. So the assoc retry happens only after 10 secs in this case.By </div><div>this time, the group_idle_timeout would expire and the group is removed. </div>
<div><br></div><div>The reason for no auth resp/assoc resp could be due to absence of peer (due </div><div>to a scan on the shared virtual interface) at that point of time. So I feel </div><div>reducing the authentication timeout to 5secs would give a chance to try </div>
<div>Assoc one more time. </div>
<div><br></div><div>Pls correct me, If my understanding is wrong. </div>
<div><br></div><div><br></div><div><br></div><div><br></div><div><br></div>- Jithu Jance<br clear="all"><div><font color="#666666"><b><br></b></font></div>
<br><br><div class="gmail_quote">On Sun, Jun 10, 2012 at 11:17 PM, Jouni Malinen <span dir="ltr"><<a href="mailto:j@w1.fi" target="_blank">j@w1.fi</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On Mon, May 21, 2012 at 05:16:33AM +0000, Jithu Jance wrote:<br>
> Consider the disconnect event generated due to EAP-FAILURE(after WPS handshake) during the P2P connection.<br>
><br>
> In this disconnect context, the group idle timer will be set to 10 and assoc retry starts. If the connection doesn't go through in<br>
> the first attempt the group will be removed. This is because the authentication timeout happens at 10secs and the assoc<br>
> will be retried only after that.<br>
<br>
</div>Do you know what is causing the authentication to take more than 10<br>
seconds? That sounds pretty excessive for P2P use cases..<br>
<div><br>
> I feel setting to twenty seconds will help to retry at least two times. Please see whether it is okay.<br>
<br>
</div>This is somewhat problematic since there is also the opposite<br>
requirement of making the device notice quickly when the group goes down<br>
and the explicit indication from GO using Deauthentication frame is not<br>
that reliable (or correctly implemented in many deployed devices for<br>
that matter).<br>
<div><br>
> Setting authentication timeout to 5secs is also another option. But not sure whether there are some systems requiring 10secs<br>
> time.<br>
<br>
</div>That could be reasonable for P2P use cases. Though, I would rather<br>
figure out whether there would be better signals for determining that a<br>
new attempt is needed. That authentication timeout should really be more<br>
specific to cases where EAPOL frames do not get processed in reasonable<br>
time frame. I would assume that the case you are thinking of here would<br>
be something else. Or are you really seeing cases where association is<br>
completed successfully, but 4-way handshake does not go through?<br>
<span><font color="#888888"><br>
--<br>
Jouni Malinen PGP id EFC895FA<br>
</font></span><div><div>_______________________________________________<br>
HostAP mailing list<br>
<a href="mailto:HostAP@lists.shmoo.com" target="_blank">HostAP@lists.shmoo.com</a><br>
<a href="http://lists.shmoo.com/mailman/listinfo/hostap" target="_blank">http://lists.shmoo.com/mailman/listinfo/hostap</a><br>
</div></div></blockquote></div><br>