On 06/07/2017 23:42, Ben Greear wrote:
> On 06/13/2017 11:29 AM, greearb@xxxxxxxxxxxxxxx wrote:
>> From: Wojciech Dubowik <Wojciech.Dubowik@xxxxxxxxxxx>
>>
>> Supplicant is using generic L2 send function for EAPOL
>> messages which doesn't give back status whether frame has been
>> acked or not. It can lead to wrong wpa states when EAPOL 4/4
>> is lost i.e. client is in connected state but keys aren't
>> established on AP side.
>> Fix that by using nl80211_send_eapol_data as for AP side
>> and check in connected state that 4/4 EAPOL has been acked.
>>
>> As a combined improvement, do not actually set the keys until
>> we receive notification that the 4/4 message was sent. This fixes
>> races in ath10k CT firmware, and may eventually let other firmware
>> remove hacks that were needed to work around this key-setting
>> race.
>
> Any comments on this? We have been testing it for a while, and it
> seems to work well.

I have the same comment as Ilan Peer: disconnecting when failing to send 4/4 is a bit brutal, especially if the 4HS is used for a PTK renewal.

I understand that this helps with the case where the authenticator received the 4/4 but the supplicant failed to receive the ACK for it after many retries. But that case should be a bit rare, no?

I'm also curious if it improves the situation of IBSS-RSN, where disconnection isn't possible if the supplicant and authenticator end up in the wrong state.