DHCPDISCOVER at times not encrypted
Dan Williams
dcbw
Mon May 6 14:00:56 PDT 2013
On Mon, 2013-05-06 at 18:43 +0000, Garcia, Paul D wrote:
> > >
> > > Thanks for the input.
> > >
> > > I process each line of:
> > >
> > > def runProcess(exe):
> > > proc = subprocess.Popen(exe, shell=True, stdout=subprocess.PIPE,
> > stderr=subprocess.STDOUT)
> > > while (True):
> > > return_code = proc.poll() # returns None while subprocess is running
> > > line = proc.stdout.readline().strip()
> > > yield line
> > > if (return_code is not None):
> > > break
> > >
> > > looking for:
> > >
> > > if line.find('EAP-MSCHAPV2: Authentication succeeded') >= 0:
> > > # 'if 'EAP- MSCHAPV2...' in line:' would probably be more efficient
> >
> > You want to watch for a state transition to COMPLETED, not just that EAP
> > succeeded, or if you're not doing verbose debugging, then:
> >
> > CTRL-EVENT-CONNECTED - Connection to <BSSID> completed (auth)
> >
> > Otherwise there's a race because the connection isn't completely up yet
> > when the EAP log message is printed, since there's a bunch of steps after
> > that to derive keys and complete the association.
> >
>
> Yes, how careless of me. I can see where this would have the station attempt connection without encryption. I do see the output containing the text you describe and will make the change. Also, you mention verbose output and watching for state transition. I will investigate this as well.
Add "-d" to the supplicant exec line, and then look for:
wlan0: State: GROUP_HANDSHAKE -> COMPLETED
But you'll always get the CTRL-EVENT-CONNECTED message in any debug
level, so you might as well use that instead of COMPLETED.
Dan
More information about the Hostap
mailing list