Prioritizing authentication pkts & resending failed EAPOL pkts?

Ben Greear greearb
Thu Feb 3 15:13:11 PST 2011

On 02/03/2011 02:57 PM, Jouni Malinen wrote:
> On Thu, Feb 03, 2011 at 12:18:56PM -0800, Ben Greear wrote:
>> So first question:  Is the auth traffic prioritized over regular traffic?
> That depends on the driver, so this is somewhat of an incorrect mailing
> list for that question.. Anyway, many management frame subtypes are
> often sent at higher priority when QoS/WMM is enabled.
>> Second:  Any idea how to go about fixing up the retransmit logic per
>> this TODO:
>> 		/* TODO: re-send EAPOL-Key couple of times (with short delay
>> 		 * between them?). If all attempt fail, report error and
>> 		 * deauthenticate STA so that it will get new keys when
>> 		 * authenticating again (e.g., after returning in range).
>> 		 * Separate limit/transmit state needed both for unicast and
>> 		 * broadcast keys(?) */
> Are you really looking at IEEE 802.1X and dynamic WEP keys? Sounds kind
> of pointless in this day and age with all the security issues identified
> with WEP. WPA/WPA2 4-way handshake do retransmit EAPOL-Key frames even
> without the lowlevel ack since the station needs to reply to the frames.
>> Here's a filtered part of the log showing ack-failure msgs...
>> 1296763802.180575: 1296763802.365012: IEEE 802.1X: 00:0c:42:61:00:78 TX status - version=2 type=3 length=95 - ack=0
> These frames are retransmitted at higher layer by the WPA/WPA2 4-way
> handshake authenticator, i.e., the comment above does not apply for
> these.

Ok.  I saw those ack=0 messages, and then very shortly after the
4-way auth failed because sm->TimeoutCtr > dot11RSNAConfigPairwiseUpdateCount.

dot11RSNAConfigPairwiseUpdateCount is 4 on my system.  I assumed that
the lack of ack was directly responsible..but maybe it's just a symptom.

Seems that 80 stations do's only when I get up above 100 that
I have troubles..and it seems that HT40 cause more problems than
when I'm using HT20.

I believe I'm using pretty standard auth/encryption, but could
be wrong about that:

# My hacks
     pairwise=TKIP CCMP
     group=TKIP CCMP


Ben Greear <greearb at>
Candela Technologies Inc

More information about the Hostap mailing list