Prioritizing authentication pkts & resending failed EAPOL pkts?

Ben Greear greearb
Fri Feb 4 09:11:48 PST 2011 

On 02/04/2011 03:48 AM, Bj?rn Smedman wrote:
> On Fri, Feb 4, 2011 at 1:56 AM, Jouni Malinen<j at w1.fi>  wrote:
>>> Seems that 80 stations do ok..it's only when I get up above 100 that
>>> I have troubles..and it seems that HT40 cause more problems than
>>> when I'm using HT20.
>>
>> What kind of CPU load are you seeing on the station and AP? 100
>> concurrent 4-way handshakes does not sound too much for a modern CPU,
>> but you may start hitting some timeouts with too many handshakes being
>> tried at the same time. There can be pretty tight time limits on the
>> 4-way handshake with some APs. Though, if you are using hostapd on the
>> AP, it tries to be a bit friendlier in this area. HT40 vs. HT20
>> differences would point towards a lower level issue (and another mailing
>> list ;-), though.
>
> I have experimented with delaying EAPOL messages between hostapd and a
> supplicant (in this case Mac OS X). A simple delay of a hundred
> milliseconds or so leads to similar problems. Unfortunately we didn't
> have time to fully debug the problem but we came to the conclusion
> that if hostapd's EAPOL retry logic triggers the state machines in
> hostapd and the supplicant seem to loose sync in some way and the
> 4-way handshake fails. The following patch solved this problem for us:
>
> diff -ruN hostapd-20100418-before_eapol_timeout_fix/src/ap/wpa_auth.c
> hostapd-20100418-after_eapol_timeout_fix/src/ap/wpa_auth.c
> --- hostapd-20100418-before_eapol_timeout_fix/src/ap/wpa_auth.c	2010-11-30
> 22:07:46.000000000 +0100
> +++ hostapd-20100418-after_eapol_timeout_fix/src/ap/wpa_auth.c	2010-11-30
> 22:11:00.000000000 +0100
> @@ -47,8 +47,8 @@
>
>   static const u32 dot11RSNAConfigGroupUpdateCount = 4;
>   static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
> -static const u32 eapol_key_timeout_first = 100; /* ms */
> -static const u32 eapol_key_timeout_subseq = 1000; /* ms */
> +static const u32 eapol_key_timeout_first = 1000; /* ms */
> +static const u32 eapol_key_timeout_subseq = 2000; /* ms */
>
>   /* TODO: make these configurable */
>   static const int dot11RSNAConfigPMKLifetime = 43200;
>
>
> I think the important part is changing eapol_key_timeout_first to a
> value large enough to avoid that the EAPOL retry logic triggers. Ben,
> does this help your case?

I will try your patch.

Thanks!
Ben

>
> /Bj?rn


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

More information about the Hostap mailing list