Re: WPA regression (was: CVS commit: src/dist/wpa)

To: current-users%netbsd.org@localhost
Subject: Re: WPA regression (was: CVS commit: src/dist/wpa)
From: christos%astron.com@localhost (Christos Zoulas)
Date: Thu, 31 Jan 2008 00:19:32 +0000 (UTC)

In article <20080130135843.GC14183%baea.com.au@localhost>,
Brett Lymn  <blymn%baesystems.com.au@localhost> wrote:
>-=-=-=-=-=-
>
>On Wed, Jan 30, 2008 at 12:52:07AM +0100, Jukka Salmi wrote:
>> 
>> If your AP doesn't run hostapd or you don't have access to it, try
>> running wpa_supplicant with option -dd and without -B; as soon as
>> rekeying fails you should see "Added BSSID XXX into blacklist", where
>> XXX is your AP's BSSID.
>> 
>> At least that's what I'm currently seeing, as soon as the first rekeying
>> takes place...
>>
>
>what I see after the rekeying is:
>
> WPA: EAPOL frame too short to be a WPA EAPOL-Key (len 46, expecting at
>least 99)
>
>looking at the code it looks like the return value from
>wpa_sm_rx_eapol() is ignored in wpa_supplicant_rx_eapol() and there
>does not appear to be a timeout if the EAPOL-key fails.
>
>I brute forced a fix by checking the return from wpa_sm_rx_eapol() and
>if it is 0 then force a complete reauthentication.  I am sure this is
>not the correct fix but it seems to go a long way towards stopping my
>wireless network breaking every time a rekeying is performed.
>Attached is a diff to wpa_supplicant.c in src/dist/wpa/wpa_supplicant.

I think that fix is good anyway.

christos

References:
- Re: WPA regression (was: CVS commit: src/dist/wpa)
  - From: Stephen M. Rumble
- Re: WPA regression (was: CVS commit: src/dist/wpa)
  - From: Jukka Salmi
- Re: WPA regression (was: CVS commit: src/dist/wpa)
  - From: Brett Lymn

Prev by Date: Re: printer recommendations
Next by Date: kauth and sched_{get,set}param
Previous by Thread: Re: WPA regression
Next by Thread: Re: WPA regression (was: CVS commit: src/dist/wpa)
Indexes:

Home | Main Index | Thread Index | Old Index