no more gtk rekeying after local deauth request (hostapd-wpa_supplicant)

thomas schorpp t.schorpp
Sun Nov 6 12:42:53 PST 2005


Jouni Malinen wrote:
> On Fri, Nov 04, 2005 at 03:07:17AM +0100, thomas schorpp wrote:
> 
>>>On Wed, Aug 31, 2005 at 11:54:17PM +0200, thomas schorpp wrote:
>>>
>>>>strange: if a linux wpasuppl. rsn client joins the net no more group key
>>>>handshakes with this xp client with latest hostapd...?
>>>>-> maybe security issue / policy violation
> 
> 
>>-no more gtk rekeying until wpasupplicant restart.
> 
> 
>>ok. i do it next, this is a security issue. windows+mac rsn clients not
>> involved and rekeying normal with hostapd.
> 
> 
> I'm trying to remember what was the exact issue. Could you please give a
> short summary of what the problems you have seen are?
> 
> If I understood correctly, you are using madwifi+hostapd as the AP and
> have both Linux (madwifi+wpa_supplicant) and Windows/MAC clients using
> WPA2.

yes. except for one of two winxp clients using WPA1 because the belkin driver doesn't
support RSN but WPA with CCMP/AES. all in all up to 4 clients.

hostapd is configured to accept WPA1+2 but requires CCMP.

> 
> Are you saying that hostapd stops rekeying group keys when both Linux
> and Windows/MAC clients are associated, but this does not happen if
> either only the Linux client associates or only Windows/MAC clients
> associate? Or is rekeying only stopped for one of the clients and the
> other clients continue getting new group keys?
> 

mac/winxp clients rekeying goes on.

hostapd stops rekeying with wpa_supplicant after 

# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
# reauthentication).
eap_reauth_period=3600

is fired.

last seen with only one RSN wpa_supplicant linux client on the network.

client machine then prints eap auth failure.

hostapd maintains connection and port remains authorized.

it does *not* occur with both in full debugging mode.

i've set it to 0 for now.

y
tom





