Hi,

We are conducting a research project that verifies implementations of the 802.11 authentication/association state machine. Here is one testing scenario under which we have observed unexpected behaviors from hostapd. We want to confirm if our finding is valid.

In the test case, the AUTH response packet (from the AP to the client) is received by the client but the corresponding ack packet (from client to AP) is lost. And all the re-transmissions of the AUTH response packet are also lost. Then the AP will consider the AUTH response packet failed. But the client thinks the authentication was successful (since it receives the AUTH response packet). So the client will continue and send the ASSOC request packet.

From reading the code of hostapd, in the src/ap/ieee802_11.c:handle_auth_cb function, it seems the success of the AUTH response packet is required for the AP to consider the client as authenticated (if the AUTH response packet failed (ok=0), the function will return immediately without setting the WLAN_STA_AUTH flag of the sta), which makes sense.

However, when open authentication is used, hostapd marks the client as authenticated as soon as it receives the AUTH request packet (src/ap/ieee802_11.c:handle_auth). Does this violate the authentication protocol as the AUTH response packet may not be successful?

I guess the ultimate question is: *should the AP consider the client as authenticated if the AUTH response packet failed?*

Highly appreciated if somebody can offer clarification.

Regards,
Jinghao Shi
Ph.D. students at University at Buffalo

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
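
The scenario described in the message above, as an added example that is not part of the original post and is not hostapd code: a toy model of the AP and client state after the AUTH response is delivered but its ack is lost, under the two marking policies the message contrasts. The policy, struct and function names are hypothetical, and the Deauthentication reply to an association request from a station the AP does not consider authenticated is an assumption of the model; only `WLAN_STA_AUTH` and the `ok` TX status come from the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of the test case; flag name taken from the message, value constructed. */
#define WLAN_STA_AUTH 0x1u

enum ap_policy { AUTH_ON_REQUEST, AUTH_ON_TX_STATUS };   /* hypothetical names */
enum ap_reply  { REPLY_ASSOC_RESP, REPLY_DEAUTH };       /* hypothetical names */

struct ap_sta { unsigned flags; };        /* AP-side view of the station */
struct client { bool authenticated; };    /* client-side view of itself  */

/* AP handles the AUTH request and sends the AUTH response.
 * ok is the TX status the AP sees after all retransmissions. */
static void ap_auth(struct ap_sta *sta, enum ap_policy policy, bool ok)
{
    if (policy == AUTH_ON_REQUEST)
        sta->flags |= WLAN_STA_AUTH;      /* marked before TX status is known */
    else if (ok)
        sta->flags |= WLAN_STA_AUTH;      /* marked only when the ack was seen */
}

/* Model assumption: an ASSOC request from a station without the flag
 * is answered with Deauthentication instead of an ASSOC response. */
static enum ap_reply ap_assoc_req(const struct ap_sta *sta)
{
    return (sta->flags & WLAN_STA_AUTH) ? REPLY_ASSOC_RESP : REPLY_DEAUTH;
}

/* The AUTH response always reaches the client; only the ack may be lost.
 * *diverged reports whether AP and client disagree on the auth state. */
static enum ap_reply run_scenario(enum ap_policy policy, bool ack_delivered,
                                  bool *diverged)
{
    struct ap_sta sta = { 0 };
    struct client cl = { false };

    ap_auth(&sta, policy, ack_delivered);
    cl.authenticated = true;              /* client received the AUTH response */
    *diverged = cl.authenticated != ((sta.flags & WLAN_STA_AUTH) != 0);
    return ap_assoc_req(&sta);            /* client proceeds to ASSOC request */
}

int main(void)
{
    bool d;
    enum ap_reply r = run_scenario(AUTH_ON_REQUEST, false, &d);
    printf("mark on request,   ack lost: diverged=%d reply=%d\n", d, r);
    r = run_scenario(AUTH_ON_TX_STATUS, false, &d);
    printf("mark on TX status, ack lost: diverged=%d reply=%d\n", d, r);
    return 0;
}
```

In this model, marking on request keeps both sides in agreement when the ack is lost, while marking only on TX status leaves the client believing it is authenticated and its ASSOC request rejected.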