Kernel panic - avoiding useless traffic [hostapd+madwifi with EAP-TLS]

Jouni Malinen j
Thu Jan 7 09:15:46 PST 2010


On Thu, Jan 07, 2010 at 02:10:54PM +0100, Dennis Borgmann wrote:

> If I try to associate with a Windows XP using an Intel wireless device 
> machine, that does not have any certificate in order to connect to the 
> AP, the madwifi driver starts pumping "stuck beacon" messages and soon 
> afterwards hangs with a kernel panic. I am able to get around this 
> problem by setting an accesslist on the very computer, that runs the AP. 
> If this is done, it seems like on ISO layer 2 the packet is already 
> rejected and therefore the "stuck beacon" cannot happen.

This sounds like a clear driver issue and should really be addressed with
whoever is interested in maintaining that driver and not on this mailing
list.

> Presuming madwifi is configured to kick unwanted MACs (iwpriv ath0 
> maccmd 2): Is it possible to give a command to madwifi (iwpriv ath0 
> addmac <BADMAC>) as soon as hostapd recognizes there is a wrong 
> certificate or no certificate at all? If this could be done, my problem 
> would be solved and by the way I would be able to avoid a lot of useless 
> traffic.

Sounds like a somewhat odd "feature" from the hostapd viewpoint and I do
not see much point in introducing it. Obviously, you have the source
code and can get this added if you really want to, but I would suggest
fixing the driver or testing with ath5k/ath9k (depending on which card
you use) could be a more fruitful long-term solution.

Please also note that hostapd doesn't know anything about certificates
in case you are using an external authentication server and as such, the
triggers like "wrong certificate or no certificate at all" are not
really reasonable. Access-Reject from the authentication server could
be considered as a trigger that would be available here, but I'm not sure
whether I would really recommend doing that either. Fixing the real
issue should really be the focus here and not some odd workarounds to
avoid having to do that.

-- 
Jouni Malinen                                            PGP id EFC895FA
