no more gtk rekeying after local deauth request (hostapd-wpa_supplicant)

thomas schorpp t.schorpp
Thu Nov 3 18:07:17 PST 2005 

Jouni Malinen wrote:
> On Wed, Aug 31, 2005 at 11:54:17PM +0200, thomas schorpp wrote:
> 
> 
>>strange: if a linux wpasuppl. rsn client joins the net no more group key
>>handshakes with this xp client with latest hostapd...?
>>-> maybe security issue / policy violation
> 

hi,

got a brand new d-link dwl-g650 c2 and

see it again, this time in latest(? ive seen no checkins for a week so
far) hostapd+wpasupplicant cvs on 2.6.14 with madwifi cvs (which still
has the acpi suspend/resume issue in ath-*.ko and wlan-ccmp.ko,
requiring module removal in acpi script before sleep and ifupdown
explicitly) :

Nov  4 00:34:19 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: group key
handshake completed (RSN)
Nov  4 00:34:55 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.1X:
authenticated
Nov  4 00:34:58 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
deauthenticated due to local deauth request

? its not gmk-rekey, occours 1 per h.

Nov  4 00:34:58 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
deassociated
Nov  4 00:34:59 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
associated
Nov  4 00:35:00 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: pairwise
key handshake completed (RSN)
Nov  4 00:35:00 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.1X:
authenticated

-no more gtk rekeying until wpasupplicant restart.

Nov  4 01:13:46 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
deassociated
Nov  4 01:13:54 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
associated
Nov  4 01:13:54 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: pairwise
key handshake completed (RSN)
Nov  4 01:13:54 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.1X:
authenticated
Nov  4 01:18:47 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: group key
handshake completed (RSN)
...

> 
> Can you provide a debug log from hostapd showing this kind of behavior
> (with some additional comments on where you would have expected to see
> group key handshake)?
> 

ok. i do it next, this is a security issue. windows+mac rsn clients not
 involved and rekeying normal with hostapd.

tom schorpp

More information about the Hostap mailing list