Hostapd to Wpa_supplicant 4 way Handshake Problem
Damon Southworth
damon
Thu Aug 28 02:44:35 PDT 2008
On Wed, 2008-08-27 at 09:43 -0400, Brian Bender wrote:
> On Wed, Aug 27, 2008 at 8:14 AM, Damon Southworth
> damon-at-cloudydaze.homeip.net |hostaplist/personal|
> <...> wrote:
> > In this case the AP was a Cisco 1200 series and the EAPOL messages
> > containing the key exchange were sent with a QoS header highest priority
> > 7 (management) and were very precise in their transmssion times and
> > retries. Packets from the station didn't have a QoS header and timings
> > varied with the amount of traffic. Has any thought or work been done to
> > allow wpa_supplicant to use the 802.11 QoS extensions and improve the
> > delivery of the key exchange. I can see there is support in the Madwifi
> > driver for QoS but I am unclear as to the correct kernel interface to
> > utilise these extensions. Does information on this exist?
>
> Before you pull your hair out on the client side messing with QoS and
> such, have a quick look at this:
> <http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/command/reference/cr12410b-chap2.html#wpmkr3385466>
> ("wpa handshake timeout", in case the link doesn't take you straight there)
>
> The Cisco default is fairly aggressive, to the point that they
> acknowledge that it may be a problem for clients in powersave mode,
> for example.
>
Thanks for the command, it sounded like just the solution we needed.
However when I tried it, it did not have the effect I expected.
If you have read the history of this thread you may known that we are
checking for network delays around the time of rekeying. We were finding
that often a rekey would fail due to the 4/4 not being received by the
AP which would then diconnect the station after a couple of 3/4 retries
100ms apart. The station would then have to reconnect which resulted in
a 10-15 second communication outage.
I tried this command and set the timeout long at 2000ms. Now on every
rekey there is a communication outage of approx 4 seconds. We are not
being disconnected so it is not failing, there is just this pause in the
communication. It should be a timeout not a mandatory delay.
Damon.
More information about the Hostap
mailing list