Initiating supplicant connections
khali singh
khali3620 at gmail.com
Wed Feb 17 07:57:52 PST 2016
Hi Jouni
Thanks for responding.
You are right that a generic design with an existing EAP method would be better.
However, currently there are no EAP methods that allows me to do that.
Does the supplicant maintain some database for different APs and
do-not-try-again-for-N-seconds field for every AP?
I am using a wired client and my own server. I don't want to rely on
some Hostspot specific standard in my case. If you can point me to the
relevant code that does this behavior in the supplicant, that would be
great. I could then call the relevant functions from my EAP method.
Yours Sincerely
Khali Singh
On Wed, Feb 17, 2016 at 4:36 PM, Jouni Malinen <j at w1.fi> wrote:
> On Thu, Feb 11, 2016 at 04:42:17PM +0200, khali singh wrote:
>> In this opportunistic connection, the server may ask supplicant to
>> backoff for a while (not bother it/ddos) by sending EAP response
>> containing x number of seconds for which at minimum the supplicant
>> should back off, followed by EAP failure. I don't want to blacklist an
>> Access point/server because of an EAP failure. Instead I want to
>> sequentially try all AP/server that support's my home-brewed EAP
>> method in a round robin fashion until one of them results in
>> EAP-Success. an AP/server can send infinite if it doesn't want to see
>> the supplicant again.
>>
>> So, what I am essentially asking is, how can my EAP method inform the
>> supplicant when it should try connection with this AP/server again? I
>> was hoping that there could be a file/database of SSID and timer after
>> which next eapol message is sent by the supplicant to an AP.
>
> Why would this be done with a custom EAP method? Wouldn't that kind of
> mechanism work better with a generic design that works with any existing
> EAP method?
>
> As far as doing the do-not-try-again-for-N-seconds part is concerned,
> there is already such function available in generic, EAP method
> independent manner: WNM-Notification frame defined in Hotspot 2.0. The
> authentication server can request the AP to send such a notification to
> the station by including a WFA Hotspot 2.0 Deauthentication Request
> attribute into the Access-Accept frame. This is implemented in both
> hostapd and wpa_supplicant.
>
> --
> Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list