Re: [PATCH] wpa_supplicant: Wait for eapol 4/4 tx-status before setting key.

On 06/07/2017 23:42, Ben Greear wrote:
> On 06/13/2017 11:29 AM, greearb@xxxxxxxxxxxxxxx wrote:
>> From: Wojciech Dubowik <Wojciech.Dubowik@xxxxxxxxxxx>
>>
>> Supplicant is using generic L2 send function for EAPOL
>> messages which doesn't give back status whether frame has been
>> acked or not. It can lead to wrong wpa states when EAPOL 4/4
>> is lost i.e. client is in connected state but keys aren't
>> established on AP side.
>> Fix that by using nl80211_send_eapol_data as for AP side
>> and check in connected state that 4/4 EAPOL has been acked.
>>
>> As a combined improvement, do not actually set the keys until
>> we receive notification that the 4/4 message was sent.  This fixes
>> races in ath10k CT firmware, and may eventually let other firmware
>> remove hacks that were needed to work around this key-setting
>> race.
> 
> Any comments on this?  We have been testing it for a while, and it
> seems to work well.

I have the same comment as Ilan Peer: disconnecting when failing to
send 4/4 is a bit brutal, especially if the 4HS is used for a PTK
renewal. I understand that this helps with the case where the
authenticator received the 4/4 but the supplicant failed to receive
the ACK for it after many retries. But that case should be a bit rare,
no?

I'm also curious if it improves the situation of IBSS-RSN, where
disconnection isn't possible if the supplicant and authenticator end
up in the wrong state.

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap