WPS: possible race condition?

Jouni Malinen j at w1.fi
Wed Mar 30 11:58:31 PDT 2016

On Wed, Mar 30, 2016 at 03:50:09PM +0000, Ayun, Amir wrote:
> According to the WPS spec, after completing the registration protocol, the AP will generate the EAP-fail and then a deauthentication packet.

But not all deployed APs do that..

> As an enrollee, once the supplicant gets the EAP-fail packet, it goes on and performs deauthenticate by itself (without waiting to the deauthentication packet from the ap) and starts fast association with the new credentials.

To avoid issues with APs that don't disconnect here..

> In case the supplicant will get the deauthentication packet from the ap, while associating, will it ignore the deauth and continue with the association?

Probably not, i.e., this would likely result in another connection
attempt after that failed attempt due to the "late Deauthentication
frame" terminating the first attempt. The exact behavior depends on
which driver is used since it may not be wpa_supplicant SME that is used
here to handle the steps between Authentication and Association frame

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list