On Thu, Feb 11, 2016 at 04:42:17PM +0200, khali singh wrote:
> In this opportunistic connection, the server may ask supplicant to
> back off for a while (not bother it/ddos) by sending EAP response
> containing x number of seconds for which at minimum the supplicant
> should back off, followed by EAP failure. I don't want to blacklist an
> Access point/server because of an EAP failure. Instead I want to
> sequentially try all AP/server that support my home-brewed EAP
> method in a round robin fashion until one of them results in
> EAP-Success. An AP/server can send infinite if it doesn't want to see
> the supplicant again.
>
> So, what I am essentially asking is, how can my EAP method inform the
> supplicant when it should try connection with this AP/server again? I
> was hoping that there could be a file/database of SSID and timer after
> which next eapol message is sent by the supplicant to an AP.

Why would this be done with a custom EAP method? Wouldn't that kind of
mechanism work better with a generic design that works with any existing
EAP method?

As far as doing the do-not-try-again-for-N-seconds part is concerned,
there is already such a function available in a generic, EAP-method-independent
manner: WNM-Notification frame defined in Hotspot 2.0. The
authentication server can request the AP to send such a notification to
the station by including a WFA Hotspot 2.0 Deauthentication Request
attribute into the Access-Accept frame. This is implemented in both
hostapd and wpa_supplicant.

-- 
Jouni Malinen                                            PGP id EFC895FA
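
Added example, not part of the original message and not hostapd or wpa_supplicant code: a Python sketch of how the Deauthentication Request mentioned above could be carried as a RADIUS Vendor-Specific attribute in Access-Accept, with a bounds-checked parser for the receiving side. The WFA sub-type number (4), the payload layout (1-octet code, 2-octet little-endian re-auth delay, optional URL) and the sample bytes are assumptions to check against the Hotspot 2.0 specification.

```python
import struct

RADIUS_ATTR_VENDOR_SPECIFIC = 26   # RFC 2865 Vendor-Specific attribute
VENDOR_ID_WFA = 40808              # Wi-Fi Alliance enterprise number
WFA_HS20_DEAUTH_REQ = 4            # assumed WFA sub-type for Deauthentication Request

def build_deauth_req(code, reauth_delay, url=b""):
    """Encode the attribute an authentication server would add to Access-Accept."""
    payload = struct.pack("<BH", code, reauth_delay) + url   # assumed layout
    sub = struct.pack("BB", WFA_HS20_DEAUTH_REQ, 2 + len(payload)) + payload
    body = struct.pack(">I", VENDOR_ID_WFA) + sub
    if 2 + len(body) > 255:
        raise ValueError("attribute too long")
    return struct.pack("BB", RADIUS_ATTR_VENDOR_SPECIFIC, 2 + len(body)) + body

def find_deauth_req(attrs):
    """Walk a RADIUS attribute list; return (code, delay_seconds, url) or None."""
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")       # never read past the buffer
        value = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != RADIUS_ATTR_VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack(">I", value[:4])[0] != VENDOR_ID_WFA:
            continue
        sub = value[4:]
        while len(sub) >= 2:                               # vendor sub-attributes
            stype, slen = sub[0], sub[1]
            if slen < 2 or slen > len(sub):
                break
            data, sub = sub[2:slen], sub[slen:]
            if stype == WFA_HS20_DEAUTH_REQ and len(data) >= 3:
                code, delay = struct.unpack("<BH", data[:3])
                return code, delay, data[3:]
    return None

# Constructed sample: Session-Timeout (type 27) followed by the deauth request.
SAMPLE = struct.pack(">BBI", 27, 6, 3600) + build_deauth_req(
    1, 300, b"https://example.com/why")

if __name__ == "__main__":
    print(find_deauth_req(SAMPLE))
```
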