* Strange Behaviors in 802.11 Association MLME
@ 2017-01-16 21:16 Jinghao Shi
2017-01-23 16:29 ` Johannes Berg
0 siblings, 1 reply; 2+ messages in thread
From: Jinghao Shi @ 2017-01-16 21:16 UTC (permalink / raw)
To: linux-wireless; +Cc: Geoffrey Challen, Shuvendu Lahiri, Ranveer Chandra
Hi,
We're working on a formal validation framework for wireless protocol
implementations. We have performed experiments on the 802.11
association state machine and have found peculiar association
behaviors.We'd like to share our findings to the community and confirm
whether they reveal potential implementation bugs.
TLDR version: the client sends association request despite having
received association response from the AP, is this a bug?
We utilized a real time reactive packet jammer to create the following
packet loss pattern (the rate control policy was set to re-transmit
the packet at most once before reporting the packet as failed. This
may not be realistic in practice but helps reveal interesting
behaviors faster.)
- ASSOC_REQ (received by the AP, confirmed by the following ASSOC_RESP)
- ACK <---- JAMMED
- ASSOC_REQ_RETRY <----- JAMMED, the driver will declare this packet as failed
- ASSOC_RESP (received by the client, confirmed by the following ACK)
- ACK
- ASSOC_REQ <--- problematic packet
- ...
I'm also attaching a pcap capture during this session. Our current
conjecture is that the failure status of the ASSOC_REQ was delivered
to the mac80211 MLME entity before the reception of the ASSOC_RESP
packet.
Let us know if there's any other information we can collect to help
tracing down the issue.
Regards,
Jinghao Shi
PhD Student
University at Buffalo
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Strange Behaviors in 802.11 Association MLME
2017-01-16 21:16 Strange Behaviors in 802.11 Association MLME Jinghao Shi
@ 2017-01-23 16:29 ` Johannes Berg
0 siblings, 0 replies; 2+ messages in thread
From: Johannes Berg @ 2017-01-23 16:29 UTC (permalink / raw)
To: Jinghao Shi, linux-wireless
Cc: Geoffrey Challen, Shuvendu Lahiri, Ranveer Chandra
On Mon, 2017-01-16 at 16:16 -0500, Jinghao Shi wrote:
> Hi,
>
> We're working on a formal validation framework for wireless protocol
> implementations. We have performed experiments on the 802.11
> association state machine and have found peculiar association
> behaviors.We'd like to share our findings to the community and
> confirm
> whether they reveal potential implementation bugs.
>
> TLDR version: the client sends association request despite having
> received association response from the AP, is this a bug?
>
> We utilized a real time reactive packet jammer to create the
> following
> packet loss pattern (the rate control policy was set to re-transmit
> the packet at most once before reporting the packet as failed. This
> may not be realistic in practice but helps reveal interesting
> behaviors faster.)
>
> - ASSOC_REQ (received by the AP, confirmed by the following
> ASSOC_RESP)
> - ACK <---- JAMMED
> - ASSOC_REQ_RETRY <----- JAMMED, the driver will declare this packet
> as failed
> - ASSOC_RESP (received by the client, confirmed by the following
> ACK)
> - ACK
> - ASSOC_REQ <--- problematic packet
> - ...
I don't really see a problem. We assume that the packet was lost due to
the missing ACK, so instead of waiting for a long time, we transmit a
new one. Typically, a missing ACK is far less likely than a missing
frame.
If, as here, the association response arrives, we should properly act
on it either way.
johannes
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-01-23 16:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-16 21:16 Strange Behaviors in 802.11 Association MLME Jinghao Shi
2017-01-23 16:29 ` Johannes Berg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).