Thank you Xiao for your suggestion (off list) to turn off/down the debug
level. That seemed to be the issue.

Thanks,
James

On Mon, 2019-05-06 at 13:25 -0700, James Prestwood wrote:
> Hi,
>
> When using FT-SAE I am seeing this behavior in hostapd, where it's
> taking too long to process authentication and the kernel retransmits.
> This eventually leads to an ANonce mismatch. I am using IWD as the
> supplicant. I tried to pull out the relevant info, but the full log is
> attached just in case:
>
> - IWD sends out authentication frame for Fast Transition
>
> - Kernel forwards Authentication frame:
>     wlan3: send auth to 12:00:00:00:00:02 (try 1/3)
>
> - Hostapd receives authentication frame:
>     FT: Received authentication frame: STA=02:00:00:00:03:00 BSSID=12:00:00:00:00:02 transaction=1
>     FT: Possibly invalid sequence number in pull request from 12:00:00:00:00:02
>     FT: Invalid sequence number in seq response from 12:00:00:00:00:01
>     FT: Invalid sequence number in seq response from 12:00:00:00:00:02
>   (This seems to take enough time for the kernel to retransmit during
>   processing)
>
> - Kernel resends Authentication frame:
>     wlan3: send auth to 12:00:00:00:00:02 (try 2/3)
>
> - Hostapd receives authentication retry:
>     FT: Received authentication frame: STA=02:00:00:00:03:00 BSSID=12:00:00:00:00:02 transaction=1
>   (While processing and doing RRB, kernel retransmits again)
>   Processing succeeds and hostapd replies:
>     authentication reply: STA=02:00:00:00:03:00 auth_alg=2 auth_transaction=2 resp=0 (IE len=145) (dbg=auth-ft-finish)
>
> - Kernel retransmits for the final time
>     wlan3: send auth to 12:00:00:00:00:02 (try 3/3)
>
> - IWD has received the authentication frame, and responds with an
>   associate.
>
> - Hostapd receives the 3/3 authentication retransmission, and processes.
>   This causes a new ANonce to be generated. The authentication reply
>   frame sent is never seen in IWD.
>
> - Hostapd receives associate frame, parses out ANonce and detects a
>   mismatch since it regenerated a new ANonce after the 3/3 retransmit:
>     FT: ANonce mismatch in FTIE
>
> I am guessing the invalid sequence number has something to do with the
> delay and retransmit? Another thing I have noticed is (after IWD sends
> out associate) hostapd sends out its second auth reply, which is never
> received by IWD. Could the kernel be throwing this away since
> association already started? If this was received IWD could recover,
> and resend the associate frame with the correct ANonce.
>
> FT-PSK and FT-8021x both work fine.
>
> Thanks,
> James
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap
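
The sequence reported in this thread can be checked for in a merged kernel/hostapd log. The script below is an added example, not part of the thread or of hostapd/IWD; the function name and the sample log are constructed here from the lines quoted above, and the second reply line is assumed to match the first.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the message, in the order it
# describes. The second "authentication reply" line is assumed to look like
# the first; real logs also carry timestamps, which are not needed here.
SAMPLE_LOG = """\
wlan3: send auth to 12:00:00:00:00:02 (try 1/3)
FT: Received authentication frame: STA=02:00:00:00:03:00 BSSID=12:00:00:00:00:02 transaction=1
wlan3: send auth to 12:00:00:00:00:02 (try 2/3)
FT: Received authentication frame: STA=02:00:00:00:03:00 BSSID=12:00:00:00:00:02 transaction=1
authentication reply: STA=02:00:00:00:03:00 auth_alg=2 auth_transaction=2 resp=0 (IE len=145) (dbg=auth-ft-finish)
wlan3: send auth to 12:00:00:00:00:02 (try 3/3)
FT: Received authentication frame: STA=02:00:00:00:03:00 BSSID=12:00:00:00:00:02 transaction=1
authentication reply: STA=02:00:00:00:03:00 auth_alg=2 auth_transaction=2 resp=0 (IE len=145) (dbg=auth-ft-finish)
FT: ANonce mismatch in FTIE
"""

KERNEL_TRY = re.compile(r"send auth to \S+ \(try (\d+)/\d+\)")
AUTH_RX = re.compile(r"FT: Received authentication frame: STA=(\S+)")
AUTH_TX = re.compile(r"authentication reply: STA=(\S+) .*auth_transaction=2")
MISMATCH = "FT: ANonce mismatch in FTIE"

def find_reprocessed_auth(log):
    """Report ANonce mismatches preceded by an auth frame handled after a reply."""
    stas = defaultdict(lambda: {"replies": 0, "late_auth": 0})
    max_try, findings = 0, []
    for lineno, line in enumerate(log.splitlines(), 1):
        if m := KERNEL_TRY.search(line):
            max_try = max(max_try, int(m.group(1)))
        elif m := AUTH_RX.search(line):
            # An auth frame arriving after a reply was already sent is a late
            # retransmission; per the thread, handling it yields a new ANonce.
            if stas[m.group(1)]["replies"]:
                stas[m.group(1)]["late_auth"] += 1
        elif m := AUTH_TX.search(line):
            stas[m.group(1)]["replies"] += 1
        elif MISMATCH in line:
            # The mismatch line names no STA, so list every candidate STA.
            for sta, s in stas.items():
                if s["late_auth"]:
                    findings.append({"line": lineno, "sta": sta,
                                     "kernel_tries": max_try, **s})
    return findings

if __name__ == "__main__":
    for finding in find_reprocessed_auth(SAMPLE_LOG):
        print(finding)
```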