Roaming on android blacklists incorrect bss

Mikael Kanstrup mikael.kanstrup at sonymobile.com
Mon Aug 22 09:35:18 PDT 2016 

Hi Jouni,

Wanted to ask if you've had the time look at this. The fix is patch 5/5, 
the others are there only to reproduce the error with hwsim tests. If it 
helps I can resend the patches with git send-mail.

Regards
Mikael Kanstrup

On 07/01/2016 10:36 AM, Mikael Kanstrup wrote:
> Hi Jouni and all,
>
> On Android M we've seen cases where Android's way of roaming sometimes 
> end up blacklisting incorrect bss.
>
> Connected to BSSID1 to roam to another AP the following sequence of 
> commands are used:
> SET_NETWORK 0 bssid <BSSID2>
> ENABLE_NETWORK 0
> REASSOCIATE
>
> Most of the time this works just fine, though if authentication timer 
> times out (probably due to auth/assoc/eapol packet loss) the BSSID 
> roamed away from gets blacklisted (BSSID1), not the one failing to 
> reassociate with (BSSID2).
>
> Interesting lines from the log look like this:
>
> wlan0: Considering connect request: reassociate: 1  selected: 
> <BSSID2>  bssid: <BBSID1>  pending: 00:00:00:00:00:00 wpa_state: 
> COMPLETED  ssid=<SSID>  current_ssid=<SSID>
> wlan0: Request association with <BSSID2>
> wlan0: Re-association to the same ESS
> ...
> wlan0: Add radio work 'connect'@0x7f9769c230
> wlan0: First radio work item in the queue - schedule start immediately
> wlan0: Starting radio work 'connect'@0x7f9769c230 after 0.000144 
> second wait
> wlan0: Trying to associate with SSID <SSID>
> ...
> wlan0: State: COMPLETED -> ASSOCIATING
> ...
> Limit connection to BSSID <BBSID2> freq=5180 MHz based on scan results 
> (bssid_set=1)
> ...
> nl80211: Connect (ifindex=6)
>   * bssid=<BSSID2>
>   * bssid_hint=<BSSID2>
> ...
> nl80211: Connect request send successfully
> wlan0: Setting authentication timeout: 10 sec 0 usec
> ...
> wlan0: Authentication with <BSSID1> timed out.
> Added BSSID <BSSID1> into blacklist
> TDLS: Remove peers on disassociation
> wlan0: WPA: Clear old PMK and PTK
> wlan0: Request to deauthenticate - bssid=<BSSID1> 
> pending_bssid=00:00:00:00:00:00 reason=3 state=ASSOCIATING
>
> Question is, is this way of using the REASSOCIATE command to perform 
> roam operation valid?
> I worked on a patch that solved this specific case but had to apply 
> some hacks to reproduce it with hwsim tests. It would be great with 
> some feedback on the scenario and attached patches. I think not all of 
> them should really be applied but should help discussing the problem 
> seen.
>
> Thanks
> Mikael Kanstrup
>
>
>

More information about the Hostap mailing list