Prioritizing authentication pkts & resending failed EAPOL pkts?
Fri Feb 4 13:22:06 PST 2011
On 02/04/2011 12:47 PM, Jouni Malinen wrote:
> On Fri, Feb 04, 2011 at 10:10:50AM -0800, Ben Greear wrote:
>> Jouni: I'm ever hopeful that someday my patches will have a shot
>> at upstream inclusion. For this particular change, would it be
>> more acceptable to have these as configurable values so that users
>> can set the higher timeouts if desired? (I assume that others
>> would be very happy with the current timeouts, so the patch as is
>> might not be acceptable for upstream inclusion.)
> I'm hoping to get to your pending patches soon. As far as this timeout
> change is concerned, I do not really want to change the defaults that
> much. I guess making them configurable could be fine for some very
> special use cases, but in general, I would really like to have the
> default values work for more or less every case without causing
> undesired extra latency for the common cases. It might even be worth
> considering to make the initial timeout dynamic in a way that hostapd
> would avoid the short timeout if there is a large number of concurrent
> 4-way handshakes going on. This could drop the number of unneeded
> EAPOL-Key frames considerable in cases where you are running out of CPU
> or bandwidth during a burst of authentications.
> Are you seeing the issues mainly when trying to connect all the stations
> at the same time or does this happen even when just connecting a single
> station at the time? If you are using WMM, it would be useful to verify
> that the EAPOL-Key frames are sent using AC_VO. If not, you may see
> quite a bit of help from higher priority if there is considerable amount
> of other traffic on the channel at the same time.
I'm using a single supplicant instance, and sharing scan results,
so all of them try to associate at once. I would have to do some
hacking on supplicant to get it to space out assoc/auth requests
to test the assoc farther apart. I'd like to do this..but it seems
like it might be a fair bit of work, so I'm working on other things
In the real-world, most of the time you wouldn't have such a storm of
assoc/auth requests I think..but you would probably have something
similar if your heavily utilized AP was re-started (and all clients
tried to log back on at once).
> If you have some good examples of the issue in wireless capture files,
> please send me something for a closer review. I would like to learn
> whether the EAPOL-Key frames are completely dropped or whether they just
> get delayed too much to hit the timeouts.
I'll work on this.
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap