hostapd and tkip countermeasures

divy at speakeasy.net divy
Sat Oct 8 14:32:51 PDT 2005


Adding a title to the previous message :)

There does not seem to be an hostapd equivalent to the wpa_supplicant function wpa_drv_set_countermeasures(). 
Hostapd enforces tkip countermeasures only if it handles the management frames. 
If a driver only reports association events, hostapd proceeds to the authentication phase even if coutermeasures are still active.

Here is a proposed patch to hostapd.c that fixes the issue:

$ diff --unified=2  hostapd-1.112.c hostapd.c
--- hostapd-1.112.c     2005-10-08 13:47:15.573785200 -0700
+++ hostapd.c   2005-10-08 13:53:07.112778700 -0700
@@ -202,4 +202,10 @@
 void hostapd_new_assoc_sta(hostapd *hapd, struct sta_info *sta, int reassoc)
 {
+       if (hapd->tkip_countermeasures) {
+               hostapd_sta_deauth(hapd, sta->addr,
+                                  WLAN_REASON_MICHAEL_MIC_FAILURE);
+               return;
+       }
+
        /* IEEE 802.11F (IAPP) */
        if (hapd->conf->ieee802_11f)

Cheers,
Divy






More information about the Hostap mailing list