Disassociation notification received - possible foul play?
Mon Jun 4 17:34:34 PDT 2012
After connecting to my AP, sometimes - seemingly at random intervals - I
get my device disconnected. Getting a full debug log was very difficult
due to the fact that this happens seemingly at random intervals and it
is very unpredictable, but it always happens after 4way handshake with
the AP is completed.
Yesterday I had a bit more time and thought to create a gigantic log by
running both the wpa_supplicant and the hostapd machines on full debug
(I was determined to get to the bottom of this). I wasn't disappointed!
I was finally able to "capture" a couple of such "disconnection" events
and the log, particularly on the wpa_supplicant was quite interesting.
After 4way handshake is completed, either immediately or soon after, the
supplicant reports the following sequence of events:
wlan0: State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
WPA: Group Key - hexdump(len=16): [REMOVED]
wlan0: WPA: Installing GTK to the driver (keyidx=2 tx=0 len=16)
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_wext_set_key: alg=3 key_idx=2 set_tx=0 seq_len=6 key_len=16
wlan0: WPA: Key negotiation completed with 00:23:cd:18:9e:e8 [PTK=CCMP
wlan0: Cancelling authentication timeout
wlan0: State: GROUP_HANDSHAKE -> COMPLETED
EAPOL: External notification - portValid=1
RTM_NEWLINK: operstate=1 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 00:00:00:00:00:00
wlan0: Event DISASSOC (1) received
wlan0: Disassociation notification
wlan0: WPA: Auto connect enabled: try to reconnect (wps=0)
wlan0: Setting scan request: 0 sec 100000 usec
Added BSSID 00:23:cd:18:9e:e8 into blacklist
wlan0: Not rescheduling scan to ensure that specific SSID scans occur
wlan0: CTRL-EVENT-DISCONNECTED bssid=00:23:cd:18:9e:e8 reason=0
wlan0: Disconnect event - remove keys
I keep the full logs of at least 4 such attempts and could provide them
if there is interest.
The way I look at this, my STA is receiving "Disassociation
notification" (from where I don't know!) and then disconnects. I don't
know enough in order to judge whether this is deliberate action done by
somebody or is simply a "glitch" or bug in the system, though there is
no doubt that this "intermittent" disconnection is very annoying as it
disrupts my device (I am running a lot of things on it, which require
constant network traffic). Any ideas what could be the cause of this and
whether there is a potential for foul play?
A couple of other related queries: If I am able to get my wireless on
the client to run in 802.11w mode (the AP is already fully configured to
run and supports such mode), I am guessing events like the one I listed
above would become a thing of the past, is that correct?
If I am *not* able to do that for whatever reason, would it be possible
to alter the wpa_supplicant source code to "ignore" these
"Disassociation" notifications? Where do I do it - any idea? What
possible risks, if any, would there be if I go that route? Thank you in
More information about the Hostap