about "IBSS RSN: Add a timeout for Authentication frame exchange"
Antonio Quartulli
ordex
Wed Aug 28 11:37:15 PDT 2013
On Wed, Aug 28, 2013 at 08:28:43PM +0200, Nicolas Cavallari wrote:
> On 28/08/2013 19:08, Antonio Quartulli wrote:
> > - assuming that both the peers support Auth exchange, in case of frame loss, I
> > think it would be better to delete the station and try again, rather than
> > ignoring the Auth exchange at all. What do you think?
>
> Especially since this is what will happen anyway since your kernel patch
> to expire unauthenticated stations has been applied.
>
Right. So this will happen automatically.
> Manually resending an authentication frame might be another option, but
> it will not work if the peer does not support auth exchange at all.
In the latter case the other peer will immediately start sending EAPOL 1/4.
So we will do the same right after.
>
> On the other hand, starting an EAPOL exchange in a lossy environement is
> a bad idea, even if both peers runs wpasupplicant on linux. This cab
> easily end up in conditions where one peer will detect an hacking
> attempt and the exchange will stall, or even in funnier things when
> EAPOL 4/4 is dropped, since the supplicant has security enforced and the
> authenticator has not.
I'd simply not optimise the case "what if packet loss occurs" and I'd try to
stick to the current behaviour.
Regards,
--
Antonio Quartulli
..each of us alone is worth nothing..
Ernesto "Che" Guevara
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20130828/4ee293c7/attachment.pgp>
More information about the Hostap
mailing list