Roaming on android blacklists incorrect bss
Mikael Kanstrup
mikael.kanstrup at sonymobile.com
Fri Jul 1 01:36:37 PDT 2016
Hi Jouni and all,
On Android M we've seen cases where Android's way of roaming sometimes
end up blacklisting incorrect bss.
Connected to BSSID1 to roam to another AP the following sequence of
commands are used:
SET_NETWORK 0 bssid <BSSID2>
ENABLE_NETWORK 0
REASSOCIATE
Most of the time this works just fine, though if authentication timer
times out (probably due to auth/assoc/eapol packet loss) the BSSID
roamed away from gets blacklisted (BSSID1), not the one failing to
reassociate with (BSSID2).
Interesting lines from the log look like this:
wlan0: Considering connect request: reassociate: 1 selected: <BSSID2>
bssid: <BBSID1> pending: 00:00:00:00:00:00 wpa_state: COMPLETED
ssid=<SSID> current_ssid=<SSID>
wlan0: Request association with <BSSID2>
wlan0: Re-association to the same ESS
...
wlan0: Add radio work 'connect'@0x7f9769c230
wlan0: First radio work item in the queue - schedule start immediately
wlan0: Starting radio work 'connect'@0x7f9769c230 after 0.000144 second
wait
wlan0: Trying to associate with SSID <SSID>
...
wlan0: State: COMPLETED -> ASSOCIATING
...
Limit connection to BSSID <BBSID2> freq=5180 MHz based on scan results
(bssid_set=1)
...
nl80211: Connect (ifindex=6)
* bssid=<BSSID2>
* bssid_hint=<BSSID2>
...
nl80211: Connect request send successfully
wlan0: Setting authentication timeout: 10 sec 0 usec
...
wlan0: Authentication with <BSSID1> timed out.
Added BSSID <BSSID1> into blacklist
TDLS: Remove peers on disassociation
wlan0: WPA: Clear old PMK and PTK
wlan0: Request to deauthenticate - bssid=<BSSID1>
pending_bssid=00:00:00:00:00:00 reason=3 state=ASSOCIATING
Question is, is this way of using the REASSOCIATE command to perform
roam operation valid?
I worked on a patch that solved this specific case but had to apply some
hacks to reproduce it with hwsim tests. It would be great with some
feedback on the scenario and attached patches. I think not all of them
should really be applied but should help discussing the problem seen.
Thanks
Mikael Kanstrup
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-nl80211-Add-driver-parameter-force_bss_selection.patch
Type: text/x-patch
Size: 1063 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160701/d395cfa8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-wpa_supplicant-Support-multiple-driver-parameters.patch
Type: text/x-patch
Size: 3120 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160701/d395cfa8/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Implement-IGNORE_AUTH_RESP-control-interface-debug-c.patch
Type: text/x-patch
Size: 4853 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160701/d395cfa8/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-tests-Add-testcase-for-roaming-failure-with-reassoc-.patch
Type: text/x-patch
Size: 2748 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160701/d395cfa8/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Blacklist-correct-bssid-on-auth-timeout-if-bssid_set.patch
Type: text/x-patch
Size: 2356 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160701/d395cfa8/attachment-0004.bin>
More information about the Hostap
mailing list