DHCPDISCOVER at times not encrypted

Dan Williams dcbw
Mon May 6 11:34:02 PDT 2013


On Mon, 2013-05-06 at 17:45 +0000, Garcia, Paul D wrote:
> 
> > -----Original Message-----
> > From: Dan Williams [mailto:dcbw at redhat.com]
> > Sent: Monday, May 06, 2013 12:29 PM
> > To: Garcia, Paul D
> > Cc: hostap at lists.shmoo.com
> > Subject: Re: DHCPDISCOVER at times not encrypted
> > 
> > On Fri, 2013-05-03 at 19:08 +0000, Garcia, Paul D wrote:
> > > I am running a python script that:
> > >
> > > 1) initializes the wpa_supplicant:
> > >
> > >     sudo /usr/local/sbin/wpa_supplicant -Dwext -iwlan0
> > > -c/etc/wpa_supplicant/wireless_test.conf -d
> > >
> > > 2) releases and initializes DHCP:
> > >
> > >     sudo dhclient -r wlan0
> > >     sudo dhclient -v wlan0
> > 
> > Is your script waiting until the supplicant has completed the connection to
> > the network before running DHCP?  That isn't instantaneous, and the only
> > way you know that everything is ready to be run with DHCP is by listening to
> > the supplicant, either via dbus or the socket control interface.
> > 
> > Dan
> 
> 
> Thanks for the input.
> 
> I process each line of:
> 
> def runProcess(exe):
>     proc = subprocess.Popen(exe, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
>     while (True):
>         return_code = proc.poll()  # returns None while subprocess is running
>         line = proc.stdout.readline().strip()
>         yield line
>         if (return_code is not None):
>             break
> 
> looking for:
> 
> 	if line.find('EAP-MSCHAPV2: Authentication succeeded') >= 0:
> 	# 'if 'EAP- MSCHAPV2...' in line:' would probably be more efficient

You want to watch for a state transition to COMPLETED, not just that EAP
succeeded, or if you're not doing verbose debugging, then:

CTRL-EVENT-CONNECTED - Connection to <BSSID> completed (auth)

Otherwise there's a race because the connection isn't completely up yet
when the EAP log message is printed, since there's a bunch of steps
after that to derive keys and complete the association.

Dan




More information about the Hostap mailing list