Hostapd/nl80211 handling of EAPOL frames resulting in "EAPOL-Key timeout"

Johan Almbladh johan.almbladh
Sun Nov 28 14:43:31 PST 2010


Hi,

First of all, thanks for a great piece of software! I have a problem
and a suggested fix regarding the handling of EAPOL frames in hostapd
with the nl80211 driver.

I am running a setup with hostapd/mac80211 on several AP interfaces.
The interfaces belong to different PHYs so they have to be managed by
different hostapd daemons. Finally, all interfaces are bridged to the
same bridge.

When AP interfaces are continuously added and removed the hostapd
daemons eventually enter a state where they can no longer authenticate
clients using WPA-PSK. Below is a log from such a situation:

wlan0: STA 00:26:08:f7:33:8f IEEE 802.11: authentication OK (open system)
wlan0: STA 00:26:08:f7:33:8f MLME: MLME-AUTHENTICATE.indication(00:26:08:f7:33:8f, OPEN_SYSTEM)
wlan0: STA 00:26:08:f7:33:8f MLME: MLME-DELETEKEYS.request(00:26:08:f7:33:8f)
wlan0: STA 00:26:08:f7:33:8f IEEE 802.11: authenticated
wlan0: STA 00:26:08:f7:33:8f IEEE 802.11: association OK (aid 1)
wlan0: STA 00:26:08:f7:33:8f IEEE 802.11: associated (aid 1)
wlan0: STA 00:26:08:f7:33:8f MLME: MLME-ASSOCIATE.indication(00:26:08:f7:33:8f)
wlan0: STA 00:26:08:f7:33:8f MLME: MLME-DELETEKEYS.request(00:26:08:f7:33:8f)
wlan0: STA 00:26:08:f7:33:8f WPA: event 1 notification
wlan0: STA 00:26:08:f7:33:8f WPA: start authentication
wlan0: STA 00:26:08:f7:33:8f IEEE 802.1X: unauthorizing port
wlan0: STA 00:26:08:f7:33:8f WPA: sending 1/4 msg of 4-Way Handshake
wlan0: STA 00:26:08:f7:33:8f WPA: EAPOL-Key timeout
wlan0: STA 00:26:08:f7:33:8f WPA: sending 1/4 msg of 4-Way Handshake
wlan0: STA 00:26:08:f7:33:8f WPA: EAPOL-Key timeout
wlan0: STA 00:26:08:f7:33:8f WPA: sending 1/4 msg of 4-Way Handshake
wlan0: STA 00:26:08:f7:33:8f WPA: EAPOL-Key timeout
wlan0: STA 00:26:08:f7:33:8f WPA: sending 1/4 msg of 4-Way Handshake
wlan0: STA 00:26:08:f7:33:8f WPA: event 3 notification
wlan0: STA 00:26:08:f7:33:8f IEEE 802.1X: unauthorizing port
wlan0: STA 00:26:08:f7:33:8f IEEE 802.11: deauthenticated
wlan0: STA 00:26:08:f7:33:8f MLME: MLME-DEAUTHENTICATE.indication(00:26:08:f7:33:8f, 2)
wlan0: STA 00:26:08:f7:33:8f MLME: MLME-DELETEKEYS.request(00:26:08:f7:33:8f)

The EAPOL frames are dropped in
src/drivers/driver_nl80211.c:handle_eapol() because the ifindex is not
in the ifindex list. The list is updated as the driver receives
RTM_NEWLINK/RTM_DELLINK events via netlink. When an interface that
hostapd owns is added to the bridge the bridge ifindex is also added
to the list. However, the "owns" check is missing in
wpa_driver_nl80211_event_rtm_dellink(). This causes hostapd to remove
the bridge ifindex from the list when a foreign ifindex that is
bridged to that bridge is removed. When packets are received on the
EAPOL socket the destination ifindex (=bridge ifindex) is not in the
list anymore, so the packet is erroneously dropped. This bug can
easily be reproduced by adding and removing interfaces to the same
bridge that a hostapd instance is using. A script for adding and
removing interfaces is attached.

I propose an added check in wpa_driver_nl80211_event_rtm_dellink()
that ignores foreign ifindices. That seems to fix the "EAPOL-Key
timeout" problem.

Best regards
/Johan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iface-dyn.sh
Type: application/x-sh
Size: 1005 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20101128/91a37601/attachment.sh 
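
The ifindex bookkeeping described in the message above, as an added example that is not part of the original post and not hostapd's code: a constructed C model in which `struct drv`, `swap_slot`, `rtm_newlink`, `rtm_dellink`, `eapol_ok` and the ifindex values 3, 7 and 10 are assumptions made for illustration. It replays "own port joins the bridge, a foreign port joins and then leaves the same bridge" with and without the proposed owner check.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_IFIDX 16

/* Constructed model of one hostapd instance; all names here are hypothetical. */
struct drv {
    int own_ifindex;            /* the AP interface this instance manages */
    int if_indices[MAX_IFIDX];  /* ifindexes EAPOL is accepted from; 0 = free slot */
};

static bool have_ifidx(const struct drv *d, int ifidx) {
    for (int i = 0; i < MAX_IFIDX; i++)
        if (d->if_indices[i] == ifidx) return true;
    return false;
}

/* Replace the first slot holding `from` with `to` (add: from=0, delete: to=0). */
static void swap_slot(struct drv *d, int from, int to) {
    for (int i = 0; i < MAX_IFIDX; i++)
        if (d->if_indices[i] == from) { d->if_indices[i] = to; return; }
}

/* RTM_NEWLINK: only a port this instance owns makes it track the bridge. */
static void rtm_newlink(struct drv *d, int ifindex, int brid) {
    if (brid && ifindex == d->own_ifindex && !have_ifidx(d, brid))
        swap_slot(d, 0, brid);
}

/* RTM_DELLINK: check_owner=false is the reported behaviour, true the proposed check. */
static void rtm_dellink(struct drv *d, int ifindex, int brid, bool check_owner) {
    if (check_owner && ifindex != d->own_ifindex) return;  /* foreign port: ignore */
    if (brid) swap_slot(d, brid, 0);
}

/* Own port 3 joins bridge 10; foreign port 7 joins and leaves the same bridge.
 * Returns whether EAPOL arriving with the bridge ifindex would still be accepted. */
bool eapol_ok(bool check_owner) {
    struct drv d = { .own_ifindex = 3 };  /* remaining slots are zero-initialised */
    swap_slot(&d, 0, d.own_ifindex);
    rtm_newlink(&d, 3, 10);
    rtm_newlink(&d, 7, 10);
    rtm_dellink(&d, 7, 10, check_owner);
    return have_ifidx(&d, 10);
}

int main(void) {
    printf("accepted: no check=%d, owner check=%d\n", eapol_ok(false), eapol_ok(true));
    return 0;
}
```
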