Hi Jouni Thanks for responding. You are right that a generic design with an existing EAP method would be better. However, currently there are no EAP methods that allows me to do that. Does the supplicant maintain some database for different APs and do-not-try-again-for-N-seconds field for every AP? I am using a wired client and my own server. I don't want to rely on some Hostspot specific standard in my case. If you can point me to the relevant code that does this behavior in the supplicant, that would be great. I could then call the relevant functions from my EAP method. Yours Sincerely Khali Singh On Wed, Feb 17, 2016 at 4:36 PM, Jouni Malinen <j@xxxxx> wrote: > On Thu, Feb 11, 2016 at 04:42:17PM +0200, khali singh wrote: >> In this opportunistic connection, the server may ask supplicant to >> backoff for a while (not bother it/ddos) by sending EAP response >> containing x number of seconds for which at minimum the supplicant >> should back off, followed by EAP failure. I don't want to blacklist an >> Access point/server because of an EAP failure. Instead I want to >> sequentially try all AP/server that support's my home-brewed EAP >> method in a round robin fashion until one of them results in >> EAP-Success. an AP/server can send infinite if it doesn't want to see >> the supplicant again. >> >> So, what I am essentially asking is, how can my EAP method inform the >> supplicant when it should try connection with this AP/server again? I >> was hoping that there could be a file/database of SSID and timer after >> which next eapol message is sent by the supplicant to an AP. > > Why would this be done with a custom EAP method? Wouldn't that kind of > mechanism work better with a generic design that works with any existing > EAP method? > > As far as doing the do-not-try-again-for-N-seconds part is concerned, > there is already such function available in generic, EAP method > independent manner: WNM-Notification frame defined in Hotspot 2.0. The > authentication server can request the AP to send such a notification to > the station by including a WFA Hotspot 2.0 Deauthentication Request > attribute into the Access-Accept frame. This is implemented in both > hostapd and wpa_supplicant. > > -- > Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
