We are experiencing frequent deauthentication of Android stations due to GTK rekey failures: EAPOL frames are not answered during the total timeout peroid of 3.5 s. Increase retries to cover a bigger timeout period. Signed-off-by: Günther Kelleter <guenther.kelleter@xxxxxxxxx> --- src/ap/wpa_auth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) There seems to be a common problem with Android devices getting deauthenticated frequently due to GTK rekey timeouts (https://code.google.com/p/android/issues/detail?id=196035#c56) This patch fixes it by increasing the total timeout period. IMHO a proper fix for this issue would be to implement retransmit timeouts as mandated by 802.11-2012 Ch. 11.6.7.4: "The retransmit timeout value shall be 100 ms for the first timeout, half the listen interval for the second timeout, and the listen interval for subsequent timeouts. If there is no listen interval or the listen interval is zero, then 100 ms shall be used for all timeout values." But 802.11 doesn't give any hints about the number of retries in dot11RSNAConfigGroupUpdateCount. In our test case with Galaxy S6 the station announces a listen interval of 10 beacon periods corresponding in 1.024 seconds. But it remains in power save mode for about 5 seconds. Isn't that a bug in Android which violates 802.11-2012 Ch. 10.2.1.8.a? "The STA shall wake up early enough to be able to receive the first Beacon frame scheduled for transmission at the time corresponding to the last TBTT plus the ListenInterval." This Android bug would still require dot11RSNAConfigGroupUpdateCount to be at least 6 for successful GTK rekeying. Obviously the same applies to PTK rekeying, where 802.11 mandates the same interval specification. Is there a reason that hostapd does not implement retransmit timeouts as mandated by 802.11? diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 43e3558..ba1b58d 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -60,8 +60,8 @@ static void wpa_group_put(struct wpa_authenticator *wpa_auth, struct wpa_group *group); static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos); -static const u32 dot11RSNAConfigGroupUpdateCount = 4; -static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; +static const u32 dot11RSNAConfigGroupUpdateCount = 8; +static const u32 dot11RSNAConfigPairwiseUpdateCount = 8; static const u32 eapol_key_timeout_first = 100; /* ms */ static const u32 eapol_key_timeout_subseq = 1000; /* ms */ static const u32 eapol_key_timeout_first_group = 500; /* ms */ -- 2.10.0.100.gddd73ec _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap