[PATCH] wpa_supplicant: Wait for eapol 4/4 tx-status before setting key.
amira at ti.com
Sun Jul 9 00:28:32 PDT 2017
> -----Original Message-----
> From: Hostap [mailto:hostap-bounces at lists.infradead.org] On Behalf Of Ben
> Sent: Friday, July 07, 2017 12:42 AM
> To: hostap at lists.infradead.org
> Cc: Wojciech Dubowik
> Subject: Re: [PATCH] wpa_supplicant: Wait for eapol 4/4 tx-status before
> setting key.
> On 06/13/2017 11:29 AM, greearb at candelatech.com wrote:
> > From: Wojciech Dubowik <Wojciech.Dubowik at neratec.com>
> > Supplicant is using generic L2 send function for EAPOL messages which
> > doesn't give back status whether frame has been acked or not. It can
> > lead to wrong wpa states when EAPOL 4/4 is lost i.e. client is in
> > connected state but keys aren't established on AP side.
> > Fix that by using nl80211_send_eapol_data as for AP side and check in
> > conneced state that 4/4 EAPOL has been acked.
> > As a combined improvement, do not actually set the keys until we
> > receive notification that the 4/4 message was sent. This fixes races
> > in ath10k CT firmware, and may eventually let other firmware remove
> > hacks that were needed to work around this key-setting race.
> Any comments on this? We have been testing it for a while, and it seems to
> work well.
I think that delaying the 'set_key' too much might also be problematic since it may raise interop issues
where we might lose the first frames sent from the remote device which will be already encrypted.
More information about the Hostap