about "IBSS RSN: Add a timeout for Authentication frame exchange"

Nicolas Cavallari nicolas.cavallari
Wed Aug 28 11:28:43 PDT 2013


On 28/08/2013 19:08, Antonio Quartulli wrote:
> - assuming that both the peers support Auth exchange, in case of frame loss, I
>   think it would be better to delete the station and try again, rather than
>   ignoring the Auth exchange at all. What do you think?

Especially since this is what will happen anyway since your kernel patch
to expire unauthenticated stations has been applied.

Manually resending an authentication frame might be another option, but
it will not work if the peer does not support auth exchange at all.

On the other hand, starting an EAPOL exchange in a lossy environement is
a bad idea, even if both peers runs wpasupplicant on linux. This cab
easily end up in conditions where one peer will detect an hacking
attempt and the exchange will stall, or even in funnier things when
EAPOL 4/4 is dropped, since the supplicant has security enforced and the
authenticator has not.



More information about the Hostap mailing list