[PATCH] wpa_supplicant: Wait for eapol 4/4 tx-status before setting key.

Ayun, Amir amira at ti.com
Sun Jul 9 00:28:32 PDT 2017

> -----Original Message-----
> From: Hostap [mailto:hostap-bounces at lists.infradead.org] On Behalf Of Ben
> Greear
> Sent: Friday, July 07, 2017 12:42 AM
> To: hostap at lists.infradead.org
> Cc: Wojciech Dubowik
> Subject: Re: [PATCH] wpa_supplicant: Wait for eapol 4/4 tx-status before
> setting key.
> On 06/13/2017 11:29 AM, greearb at candelatech.com wrote:
> > From: Wojciech Dubowik <Wojciech.Dubowik at neratec.com>
> >
> > Supplicant is using generic L2 send function for EAPOL messages which
> > doesn't give back status whether frame has been acked or not. It can
> > lead to wrong wpa states when EAPOL 4/4 is lost i.e. client is in
> > connected state but keys aren't established on AP side.
> > Fix that by using nl80211_send_eapol_data as for AP side and check in
> > conneced state that 4/4 EAPOL has been acked.
> >
> > As a combined improvement, do not actually set the keys until we
> > receive notification that the 4/4 message was sent.  This fixes races
> > in ath10k CT firmware, and may eventually let other firmware remove
> > hacks that were needed to work around this key-setting race.
> Any comments on this?  We have been testing it for a while, and it seems to
> work well.

I think that delaying the 'set_key' too much might also be problematic since it may raise interop issues
where we might lose the first frames sent from the remote device which will be already encrypted.

> Thanks,
> Ben


More information about the Hostap mailing list