Initiating supplicant connections

Jouni Malinen j at w1.fi
Wed Feb 17 06:36:38 PST 2016


On Thu, Feb 11, 2016 at 04:42:17PM +0200, khali singh wrote:
> In this opportunistic connection, the server may ask supplicant to
> back off for a while (not bother it/DDoS) by sending EAP response
> containing x number of seconds for which at minimum the supplicant
> should back off, followed by EAP failure. I don't want to blacklist an
> Access point/server because of an EAP failure. Instead I want to
> sequentially try all AP/server that supports my home-brewed EAP
> method in a round robin fashion until one of them results in
> EAP-Success. An AP/server can send infinite if it doesn't want to see
> the supplicant again.
> 
> So, what I am essentially asking is, how can my EAP method inform the
> supplicant when it should try connection with this AP/server again? I
> was hoping that there could be a file/database of SSID and timer after
> which next eapol message is sent by the supplicant to an AP.

Why would this be done with a custom EAP method? Wouldn't that kind of
mechanism work better with a generic design that works with any existing
EAP method?

As far as doing the do-not-try-again-for-N-seconds part is concerned,
there is already such a function available in a generic, EAP-method-
independent manner: WNM-Notification frame defined in Hotspot 2.0. The
authentication server can request the AP to send such a notification to
the station by including a WFA Hotspot 2.0 Deauthentication Request
attribute into the Access-Accept frame. This is implemented in both
hostapd and wpa_supplicant.

-- 
Jouni Malinen                                            PGP id EFC895FA
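
Added example, not part of the original message and not hostapd code: a strict encoder/parser for the WFA Hotspot 2.0 Deauthentication Request attribute that the reply says is carried in the Access-Accept. The payload layout (Code, 2-octet Re-auth Delay in little-endian order, optional URL), the Code meanings and the function names are assumptions of this example; the sample bytes are constructed.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute type
WFA_VENDOR_ID = 40808     # Wi-Fi Alliance enterprise number (0x9f68)
HS20_DEAUTH_REQ = 4       # WFA vendor type: HS 2.0 Deauthentication Request


def build_deauth_req(code, delay, url=b""):
    """Encode the attribute. Assumed payload: Code | Re-auth Delay | URL.

    Code is assumed to mean 0 = this BSS, 1 = the whole ESS; the delay is
    in seconds and assumed to be little-endian, as in the WNM frame.
    """
    body = struct.pack("<BH", code, delay) + url
    vsa = struct.pack("!IBB", WFA_VENDOR_ID, HS20_DEAUTH_REQ, 2 + len(body)) + body
    if 2 + len(vsa) > 255:
        raise ValueError("attribute too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(vsa)) + vsa


def find_deauth_req(attrs):
    """Walk the attribute list of an Access-Accept.

    Returns (code, delay, url) or None. Malformed lengths raise ValueError
    rather than being skipped, so a truncated packet is never half-parsed.
    Only a VSA holding exactly one sub-attribute is accepted.
    """
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor != WFA_VENDOR_ID or vtype != HS20_DEAUTH_REQ:
            continue
        if vlen != len(value) - 4 or vlen < 2 + 3:
            raise ValueError("bad Deauthentication Request length")
        code, delay = struct.unpack("<BH", value[6:9])
        return code, delay, value[9:]
    return None
```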


