aboutsummaryrefslogtreecommitdiffstats
path: root/src/ap/wpa_auth_i.h
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2011-03-29 14:39:12 (GMT)
committerJouni Malinen <j@w1.fi>2011-03-29 14:39:12 (GMT)
commite4bf4db907a8a2d0496d1a184f2574c7f7f1f7f1 (patch)
tree93a3090a4f7dfb1d5016f9165de9c5e456805621 /src/ap/wpa_auth_i.h
parent2fee890af75fb05a69f41b01faa590b75fa7327c (diff)
downloadhostap-e4bf4db907a8a2d0496d1a184f2574c7f7f1f7f1.zip
hostap-e4bf4db907a8a2d0496d1a184f2574c7f7f1f7f1.tar.gz
hostap-e4bf4db907a8a2d0496d1a184f2574c7f7f1f7f1.tar.bz2
Work around SNonce updates on EAPOL-Key 1/4 retransmission
Some deployed supplicants update their SNonce for every receive EAPOL-Key message 1/4 even when these messages happen during the same 4-way handshake. Furthermore, some of these supplicants fail to use the first SNonce that they sent and derive an incorrect PTK using another SNonce that does not match with what the authenticator is using from the first received message 2/4. This results in failed 4-way handshake whenever the EAPOL-Key 1/4 retransmission timeout is reached. The timeout for the first retry is fixed to 100 ms in the IEEE 802.11 standard and that seems to be short enough to make it difficult for some stations to get the response out before retransmission. Work around this issue by increasing the initial EAPOL-Key 1/4 timeout by 1000 ms (i.e., total timeout of 1100 ms) if the station acknowledges reception of the EAPOL-Key frame. If the driver does not indicate TX status for EAPOL frames, use longer initial timeout (1000 ms) unconditionally.
Diffstat (limited to 'src/ap/wpa_auth_i.h')
-rw-r--r--src/ap/wpa_auth_i.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 3173144..67a5c3b 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -120,6 +120,8 @@ struct wpa_state_machine {
* message 2/4 */
u8 *assoc_resp_ftie;
#endif /* CONFIG_IEEE80211R */
+
+ int pending_1_of_4_timeout;
};