[PATCH 4/7] TDLS: don't fail when failing to process IEs for TPK M3

Arik Nemtsov arik
Mon Jun 16 23:23:40 PDT 2014

On Mon, Jun 16, 2014 at 11:41 PM, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Jun 10, 2014 at 09:19:07PM +0300, Ilan Peer wrote:
>> Some APs (Cisco) will tack on a weird IE to the end of the TDLS confirm
>> packet, which can fail negotiation.
> Could you please clarify what you mean with "a weird IE"? Is this the
> known issue of the TDLS Setup frame being shorter than the minimum
> Ethernet frame and the AP adding some arbitrary data to end to reach
> that minimum size even though the frame does not go through any real
> Ethernet interface? Or are you actually seeing some real IEs there?
> The a-bit-too-short-frame issue should really be worked around with a
> more complete change that pads the TDLS frame with an extra IE in the
> end (e.g., vendor specific IE defined just for this purpose) to avoid
> interop issues with an AP that behaves in this way. It is not enough to
> make this specific implementation ignore parsing errors since some other
> peer implementations may not do that.

The frame is not too-short but too-long. We have a Cisco 1260 AP that
adds some weird bits at the end of TDLS setup-confirm and TDLS
discovery-response packets (fixed that in another patch).
It's after the link-id and it's not an IE, so the wpa_s parser
complains about buffer underflow and fails it. I think wireshark
half-parsed it as related to CCX.


More information about the Hostap mailing list