DHCPDISCOVER at times not encrypted
Dan Williams
dcbw
Mon May 6 11:34:02 PDT 2013
On Mon, 2013-05-06 at 17:45 +0000, Garcia, Paul D wrote:
>
> > -----Original Message-----
> > From: Dan Williams [mailto:dcbw at redhat.com]
> > Sent: Monday, May 06, 2013 12:29 PM
> > To: Garcia, Paul D
> > Cc: hostap at lists.shmoo.com
> > Subject: Re: DHCPDISCOVER at times not encrypted
> >
> > On Fri, 2013-05-03 at 19:08 +0000, Garcia, Paul D wrote:
> > > I am running a python script that:
> > >
> > > 1) initializes the wpa_supplicant:
> > >
> > > sudo /usr/local/sbin/wpa_supplicant -Dwext -iwlan0
> > > -c/etc/wpa_supplicant/wireless_test.conf -d
> > >
> > > 2) releases and initializes DHCP:
> > >
> > > sudo dhclient -r wlan0
> > > sudo dhclient -v wlan0
> >
> > Is your script waiting until the supplicant has completed the connection to
> > the network before running DHCP? That isn't instantaneous, and the only
> > way you know that everything is ready to be run with DHCP is by listening to
> > the supplicant, either via dbus or the socket control interface.
> >
> > Dan
>
>
> Thanks for the input.
>
> I process each line of:
>
> def runProcess(exe):
> proc = subprocess.Popen(exe, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
> while (True):
> return_code = proc.poll() # returns None while subprocess is running
> line = proc.stdout.readline().strip()
> yield line
> if (return_code is not None):
> break
>
> looking for:
>
> if line.find('EAP-MSCHAPV2: Authentication succeeded') >= 0:
> # 'if 'EAP- MSCHAPV2...' in line:' would probably be more efficient
You want to watch for a state transition to COMPLETED, not just that EAP
succeeded, or if you're not doing verbose debugging, then:
CTRL-EVENT-CONNECTED - Connection to <BSSID> completed (auth)
Otherwise there's a race because the connection isn't completely up yet
when the EAP log message is printed, since there's a bunch of steps
after that to derive keys and complete the association.
Dan
More information about the Hostap
mailing list