Prioritizing authentication pkts & resending failed EAPOL pkts?

Björn Smedman bjorn.smedman
Fri Feb 4 03:48:29 PST 2011

On Fri, Feb 4, 2011 at 1:56 AM, Jouni Malinen <j at> wrote:
>> Seems that 80 stations do's only when I get up above 100 that
>> I have troubles..and it seems that HT40 cause more problems than
>> when I'm using HT20.
> What kind of CPU load are you seeing on the station and AP? 100
> concurrent 4-way handshakes does not sound too much for a modern CPU,
> but you may start hitting some timeouts with too many handshakes being
> tried at the same time. There can be pretty tight time limits on the
> 4-way handshake with some APs. Though, if you are using hostapd on the
> AP, it tries to be a bit friendlier in this area. HT40 vs. HT20
> differences would point towards a lower level issue (and another mailing
> list ;-), though.

I have experimented with delaying EAPOL messages between hostapd and a
supplicant (in this case Mac OS X). A simple delay of a hundred
milliseconds or so leads to similar problems. Unfortunately we didn't
have time to fully debug the problem but we came to the conclusion
that if hostapd's EAPOL retry logic triggers, the state machines in
hostapd and the supplicant seem to lose sync in some way and the
4-way handshake fails. The following patch solved this problem for us:

diff -ruN hostapd-20100418-before_eapol_timeout_fix/src/ap/wpa_auth.c
--- hostapd-20100418-before_eapol_timeout_fix/src/ap/wpa_auth.c	2010-11-30
22:07:46.000000000 +0100
+++ hostapd-20100418-after_eapol_timeout_fix/src/ap/wpa_auth.c	2010-11-30
22:11:00.000000000 +0100
@@ -47,8 +47,8 @@

 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
-static const u32 eapol_key_timeout_first = 100; /* ms */
-static const u32 eapol_key_timeout_subseq = 1000; /* ms */
+static const u32 eapol_key_timeout_first = 1000; /* ms */
+static const u32 eapol_key_timeout_subseq = 2000; /* ms */

 /* TODO: make these configurable */
 static const int dot11RSNAConfigPMKLifetime = 43200;
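
Review bot: The new eapol_key_timeout_first and eapol_key_timeout_subseq values are still compile-time constants, directly above the existing "TODO: make these configurable" comment. The timeout that works depends on how quickly a given supplicant answers, so a configuration option would serve better than a tenfold change to the default for every deployment. If the constants stay, add a comment saying why 1000 ms and 2000 ms were chosen. Note also that dot11RSNAConfigPairwiseUpdateCount is left at 4, so if each attempt waits one of these timeouts, the time before a stalled handshake is abandoned grows considerably, which the AP pays for every station that never responds.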

I think the important part is changing eapol_key_timeout_first to a
value large enough to avoid that the EAPOL retry logic triggers. Ben,
does this help your case?

