about "IBSS RSN: Add a timeout for Authentication frame exchange"

Antonio Quartulli ordex
Wed Aug 28 11:37:15 PDT 2013

On Wed, Aug 28, 2013 at 08:28:43PM +0200, Nicolas Cavallari wrote:
> On 28/08/2013 19:08, Antonio Quartulli wrote:
> > - assuming that both the peers support Auth exchange, in case of frame loss, I
> >   think it would be better to delete the station and try again, rather than
> >   ignoring the Auth exchange at all. What do you think?
> Especially since this is what will happen anyway since your kernel patch
> to expire unauthenticated stations has been applied.

Right. So this will happen automatically.

> Manually resending an authentication frame might be another option, but
> it will not work if the peer does not support auth exchange at all.

In the latter case the other peer will immediately start sending EAPOL 1/4.
So we will do the same right after.

> On the other hand, starting an EAPOL exchange in a lossy environment is
> a bad idea, even if both peers run wpasupplicant on linux. This can
> easily end up in conditions where one peer will detect a hacking
> attempt and the exchange will stall, or even in funnier things when
> EAPOL 4/4 is dropped, since the supplicant has security enforced and the
> authenticator has not.

I'd simply not optimise the case "what if packet loss occurs" and I'd try to
stick to the current behaviour.


Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara