Disassociation notification received - possible foul play?

Michael Zintakis michael.zintakis
Mon Jun 4 17:34:34 PDT 2012


After connecting to my AP, sometimes - seemingly at random intervals - I 
get my device disconnected. Getting a full debug log was very difficult 
due to the fact that this happens seemingly at random intervals and it 
is very unpredictable, but it always happens after 4way handshake with 
the AP is completed.

Yesterday I had a bit more time and thought to create a gigantic log by 
running both the wpa_supplicant and the hostapd machines on full debug 
(I was determined to get to the bottom of this). I wasn't disappointed!

I was finally able to "capture" a couple of such "disconnection" events 
and the log, particularly on the wpa_supplicant was quite interesting. 
After 4way handshake is completed, either immediately or soon after, the 
supplicant reports the following sequence of events:

wlan0: State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
WPA: Group Key - hexdump(len=16): [REMOVED]
wlan0: WPA: Installing GTK to the driver (keyidx=2 tx=0 len=16)
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_wext_set_key: alg=3 key_idx=2 set_tx=0 seq_len=6 key_len=16
wlan0: WPA: Key negotiation completed with 00:23:cd:18:9e:e8 [PTK=CCMP GTK=CCMP]
wlan0: Cancelling authentication timeout
wlan0: State: GROUP_HANDSHAKE -> COMPLETED
EAPOL: External notification - portValid=1
RTM_NEWLINK: operstate=1 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 00:00:00:00:00:00
wlan0: Event DISASSOC (1) received
wlan0: Disassociation notification
wlan0: WPA: Auto connect enabled: try to reconnect (wps=0)
wlan0: Setting scan request: 0 sec 100000 usec
Added BSSID 00:23:cd:18:9e:e8 into blacklist
wlan0: Not rescheduling scan to ensure that specific SSID scans occur
wlan0: CTRL-EVENT-DISCONNECTED bssid=00:23:cd:18:9e:e8 reason=0
wlan0: Disconnect event - remove keys

I keep the full logs of at least 4 such attempts and could provide them 
if there is interest.

The way I look at this, my STA is receiving "Disassociation 
notification" (from where I don't know!) and then disconnects. I don't 
know enough in order to judge whether this is deliberate action done by 
somebody or is simply a "glitch" or bug in the system, though there is 
no doubt that this "intermittent" disconnection is very annoying as it 
disrupts my device (I am running a lot of things on it, which require 
constant network traffic). Any ideas what could be the cause of this and 
whether there is a potential for foul play?

A couple of other related queries: If I am able to get my wireless on 
the client to run in 802.11w mode (the AP is already fully configured to 
run and supports such mode), I am guessing events like the one I listed 
above would become a thing of the past, is that correct?

If I am *not* able to do that for whatever reason, would it be possible 
to alter the wpa_supplicant source code to "ignore" these 
"Disassociation" notifications? Where do I do it - any idea? What 
possible risks, if any, would there be if I go that route? Thank you in 
advance!
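
Added example, not part of the original post and not wpa_supplicant code: a Python scan of a wpa_supplicant debug log for the sequence quoted above, reporting each disconnect with its reason code and how many log lines after key negotiation it occurred. The sample log is constructed (its second event, BSSID 02:00:00:00:00:01, is made up), and the DEAUTH event name is an assumption.

```python
import re

# Constructed sample: the first event reuses lines quoted in the post; the
# second (BSSID 02:00:00:00:00:01, reason=3) is made up for contrast.
SAMPLE_LOG = """\
wlan0: WPA: Key negotiation completed with 00:23:cd:18:9e:e8 [PTK=CCMP GTK=CCMP]
wlan0: State: GROUP_HANDSHAKE -> COMPLETED
Wireless event: new AP: 00:00:00:00:00:00
wlan0: Event DISASSOC (1) received
wlan0: Disassociation notification
wlan0: CTRL-EVENT-DISCONNECTED bssid=00:23:cd:18:9e:e8 reason=0
wlan0: Event DISASSOC (1) received
wlan0: CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:00:01 reason=3
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
KEYS_DONE = re.compile(r"Key negotiation completed with " + MAC, re.I)
# DISASSOC is the event name seen in the post; DEAUTH is assumed to be
# logged in the same "Event NAME (n) received" form.
DRIVER_EVENT = re.compile(r"Event (DISASSOC|DEAUTH) \(\d+\) received")
DISCONNECTED = re.compile(
    r"CTRL-EVENT-DISCONNECTED bssid=" + MAC + r" reason=(\d+)", re.I)

def find_disconnects(log_text):
    """Return one dict per CTRL-EVENT-DISCONNECTED line, tied to the
    key negotiation and driver event that preceded it (if any)."""
    records = []
    keyed_bssid, keyed_line, event = None, None, None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if m := KEYS_DONE.search(line):
            keyed_bssid, keyed_line = m.group(1).lower(), lineno
        elif m := DRIVER_EVENT.search(line):
            event = m.group(1)
        elif m := DISCONNECTED.search(line):
            bssid = m.group(1).lower()
            after_keys = bssid == keyed_bssid
            records.append({
                "line": lineno,
                "bssid": bssid,
                "reason": int(m.group(2)),
                "event": event,
                "after_key_negotiation": after_keys,
                "lines_since_keys": lineno - keyed_line if after_keys else None,
            })
            # Reset so the next disconnect is judged on its own context.
            keyed_bssid, keyed_line, event = None, None, None
    return records

if __name__ == "__main__":
    for rec in find_disconnects(SAMPLE_LOG):
        print(rec)
```

Patterns use `search()`, so logs written with timestamp prefixes are matched as well.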



