wpa_supplicant TKIP countermeasures

Jonathan Bagg jbagg
Fri Nov 16 11:59:03 PST 2012


> On Fri, 2012-11-16 at 12:11 -0500, Jonathan Bagg wrote:
>> Question about TKIP countermeasures in wpa_supplicant....After three
>> "Event MICHAEL_MIC_FAILURE (2) received" I see wpa_supplicant say "TKIP
>> countermeasures started", and then disconnects, but never reconnects
>> after 60 seconds (5.2.17 step #8 in Wi-Fi CERTIFIED n System
>> Interoperability Test Plan) Running wpa_supplicant v1.0
>> Is wpa_supplicant supposed to handle the reconnect or is it up to the
>> user / higher level software?
> Looks like the supplicant blacklists that AP, disconnects, and then we
> have:
> /* TODO: mark the AP rejected for 60 second. STA is
>   * allowed to associate with another AP.. */
> Countermeasures get turned off after 60 seconds, but then we depend on a
> scan to call wpa_supplicant_pick_network(), which will clear the
> blacklist if no APs are found and countermeasures is off.
> Is anything requesting a scan after that 60 seconds is over?
>   If you
> trigger a scan from the control interface after countermeasures are
> turned off, does it find the AP and reconnect?
We are running wpa_supplicant and then using wpa_cli to get status 
info.  Is there a way to tell when
countermeasures are turned off through wpa_cli?


More information about the Hostap mailing list