Dropped frames (unauthorized port) in AP mode

Mihai Moldovan ionic
Sun Jun 23 15:12:32 PDT 2013

* On 22.06.2013 09:59 AM, Jouni Malinen wrote:
> Which version of hostapd are you using and have you notified hostapd of
> that bridging design (bridge parameter in the configuration file)?

git master version from June 18th, at commit 4331263b7395ea. In any case recent.

Yes, sure.
# grep -i bridge=br0 /etc/hostapd/*wifi*

> This would indicate that no response for EAPOL-Key frame was received.
> Either the msg 1/4 was not sent or 2/4 was not received properly.
> Incorrect bridge configuration can cause this.
The bridging setup is really basic and shouldn't cause any problems. I have
turned off STP (it's the only network bridge anyway), other than that the bridge
is managed by hostapd adding/removing wifi interfaces. Nothing sophisticated.

> That dropped frame is likely some unrelated packet that something else
> in the system tried to transmit. That's fine and getting it dropped is
> expected. Since there is only one such frame listed here, I'd assume the
> multiple EAPOL-Key 1/4 frames were not dropped.

Hmm... wonder what would send out such frames, but I'm having a few broadcasting
applications running, so it may be them.

> Do you have another device you could use as a sniffer to capture the
> frames between the devices? It would be useful to verify whether
> EAPOL-Key 1/4 and 2/4 are actually transmitted or not.

I removed wifi0 from the setup and set it up to capture packets on channel 9,
then had my notebook connect to wifi1, powered up by hostapd on channel 9 (and
still included in the bridge).

The result is small and attached here.

I'm seeing a lot of null packets going from my notebook, is that normal?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: psk-01.cap
Type: application/octet-stream
Size: 4160 bytes
Desc: not available
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20130624/eec428a1/attachment.obj>

More information about the Hostap mailing list