Roaming on android blacklists incorrect bss

Mikael Kanstrup mikael.kanstrup at
Mon Sep 19 04:17:45 PDT 2016

Hi Jouni,

Thanks a lot for feedback!

2016-09-10 20:30 GMT+02:00 Jouni Malinen <j at>:
> Hmm.. Is that really the case for lost EAPOL frames? That would be
> post-association and wpa_s->bssid is set to the new BSSID when
> completing association. The auth/assoc case sounds more likely to be an
> issue, though.

Yes you're right this is not about lost EAPOL frames. We lack air
sniffer logs so this was a bit of guessing.

> The testing patches 1-4 would need some cleanup to be acceptable, e.g.,
> by making the wpa_s->ignore_auth_resp behavior protected with #ifdef

OK I'll update the patches.

> In addition, I'm not sure why 2/5 is needed
> since the driver parameter is parsed with strstr searches of substrings
> from the full parameter string.

Thanks, yes this patch is not needed.

>Instead of adding IGNORE_AUTH_RESP, I'd
> use the existing SET control interface command. And the new test case
> would need to reset IGNORE_AUTH_RESP in all error cases (e.g., try ..
> finally) or make FLUSH clear this in wpa_supplicant_ctrl_iface_flush().


> As far as the actual fix patch 5/5 is concerned, I don't think I like
> the use of wpa_s->pending_bssid to override wpa_s->bssid in
> wpa_supplicant_timeout() since this function can be called during EAPOL
> timeout (i.e., that post-association case mentioned above). While this
> may work now for most cases, this does not sound like the correct thing
> to do. It might be fine to do so in wpa_state ==
> wpa_supplicant_deauthenticate() does.

Thanks, I will add a check for AUTHENTICATING/ASSOCIATING state.


More information about the Hostap mailing list