Hi all,
Request help with a wps-failure issue. The explicit deauth code in the
function: ieee802_1x_finished is causing some interop issues. This
issue happens when the peer device (GC/STA) is very aggressive in
sending in the auth request following the EAP-FAIL. In one such
scenario, the auth request from peer has reached GO/AP in around
7-10ms. So in this case this explicit deauth reaches firmware after
driver/fw has moved to auth/assoc state and terminates the on-going
connection.
Would it be okay to make this explicit deauth code conditional under a
supplicant conf variable?
Could you share your thoughts on this? Accordingly, I shall prepare a
patch for this.
static void ieee802_1x_finished(struct hostapd_data *hapd,
struct sta_info *sta, int success,
int remediation)
{
...
if (!success) {
/*
* Many devices require deauthentication after WPS provisioning
* and some may not be be able to do that themselves, so
* disconnect the client here. In addition, this may also
* benefit IEEE 802.1X/EAPOL authentication cases, too since
* the EAPOL PAE state machine would remain in HELD state for
* considerable amount of time and some EAP methods, like
* EAP-FAST with anonymous provisioning, may require another
* EAPOL authentication to be started to complete connection.
*/
wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "IEEE 802.1X: Force "
"disconnection after EAP-Failure");
/* Add a small sleep to increase likelihood of previously
* requested EAP-Failure TX getting out before this should the
* driver reorder operations.
*/
+++++++++++++++++++++++++++++++++++++++++++++++ Explicit Deauth
os_sleep(0, 10000);
ap_sta_disconnect(hapd, sta, sta->addr,
WLAN_REASON_IEEE_802_1X_AUTH_FAILED);
+++++++++++++++++++++++++++++++++++++++++++++++++++
hostapd_wps_eap_completed(hapd);
}
}
Thanks,
--
Jithu Jance
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
