[PATCH 34/44] FT: do not change ANonce during re-sent auth request
Johannes Berg
johannes at sipsolutions.net
Mon Feb 29 14:17:39 PST 2016
On Sun, 2016-02-28 at 19:19 +0200, Jouni Malinen wrote:
> On Wed, Feb 24, 2016 at 12:53:40PM +0100, michael-dev at fami-braun.de
> wrote:
> > Otherwise the station might end up using old ANonce.
>
> Could you please clarify what type of Authentication frame
> retransmission case are you addressing here? It sounds like the
> station
> is broken if it sends another FT Authentication frame and does not
> use
> the ANonce it receives from the response to that frame. Is this
> because
> of mac80211 Authentication frame retries? If so, the correct fix
> would be in mac80211, not in hostapd.
I tend to agree, though I'll note that it might not be so simple.
mac80211 itself has no knowledge of the nonce usage, and will stop
listening and ask wpa_s to process on the first successful auth frame
received, regardless of which frame it was a response to. If, by way of
timing, it receives the response for the first after sending the
second, this could cause issues?
johannes
More information about the Hostap
mailing list