From: James Cameron <quozl@laptop.org>
To: Dan Williams <dcbw@redhat.com>
Cc: voncken <cedric.voncken@acksys.fr>,
'wim torfs' <wtorfs@gmail.com>,
linux-wireless@vger.kernel.org
Subject: Re: ARP dropped during WPA handshake
Date: Sat, 14 Mar 2015 05:34:09 +1100 [thread overview]
Message-ID: <20150313183409.GF18964@us.netrek.org> (raw)
In-Reply-To: <1426264174.19064.19.camel@redhat.com>
On Fri, Mar 13, 2015 at 11:29:34AM -0500, Dan Williams wrote:
> On Fri, 2015-03-13 at 16:53 +0100, voncken wrote:
> > > > Below, a tcpdump capture from sta.
> > > > 17:43:12.964096 EAPOL key (3) v2, len 95
> > > > 17:43:12.998439 EAPOL key (3) v1, len 117
> > > > 17:43:13.062409 ARP, Request who-has 10.32.61.100 tell 10.32.0.1,
> > > > length 28
> > > > 17:43:13.079989 EAPOL key (3) v2, len 151
> > > > 17:43:13.082764 EAPOL key (3) v1, len 95
> > > > 17:43:14.062381 ARP, Request who-has 10.32.61.100 tell 10.32.0.1,
> > > > length 28
> > > > 17:43:14.127101 ARP, Reply 10.32.61.100 is-at b8:88:e3:45:1d:c6 (oui
> > > > Unknown), length 46
> > > > 17:43:14.127123 IP 10.69.1.201.41690 > 10.32.61.100.5001: UDP, length
> > > > 1470
> > > > 17:43:14.127136 IP 10.69.1.201.41690 > 10.32.61.100.5001: UDP, length
> > > > 1470
> > > >
> > > > You can see the ARP request during the WPA Handshake.
> > >
> > > During the initial WPA handshake the connection is not fully set up, and so
> > > no general traffic can (nor should) pass between the STA and AP.
> > > That includes ARP and any L2/L3+ protocols, except for EAP and wifi
> > > management packets.
> > >
> > > The interface itself must be IFF_UP before it can pass traffic, including the
> > > WPA handshake traffic. IFF_UP only means that the interface can be
> > > configured at the L2 level and the hardware is active, it does *not* mean the
> > > interface can pass traffic.
> > >
> > > Whatever is causing the ARPs shouldn't be doing that yet, and should be fixed
> > > to use the interface's "operstate" or IFF_LOWER_UP instead of IFF_UP. Only
> > > when the supplicant changes the interface's operstate to IF_OPER_UP is the
> > > interface *actually* ready to pass traffic. IFF_UP is not sufficient.
> > >
> >
> > Thanks for your reply.
> >
> > It seems wpa_supplicant set the operstate to IF_OPER_DORMANT when he received the ASSOCIATED Event from the driver (through netlink). And set the operstate to IF_OPER_UP in case of wpa handshake success.
> >
> > Is it normal the local ip stack send arp when netdev it is on IF_OPER_DORMANT state?
>
> I'm not sure the kernel stack cares much as long as the device is up.
> It is requesting the ARP because some application is attempting to
> communicate with that IP address. That application should probably be
> waiting until the interface is actually ready to communicate, which
> means IF_OPER_UP.
>
> But if this is the first WPA handshake with the AP during the initial
> connection, the wifi device shouldn't even have an IP address yet, so
> nothing should be doing ARP on the interface yet.
I thought that ARP was a means to get an IP address before an
interface had an IP address, so the interface spends some time without
an IP address yet generating ARP.
> Perhaps whatever is assigning the IP address to the interface is
> doing it too early, before the interface is IF_OPER_UP?
>
> Dan
>
> >
> > >
> > >
> > > > Any suggestion will be appreciate.
> > > >
> > > > Cedric.
> > > > >
> > > > > > Thanks for your help.
> > > > > >
> > > > > > Cedric Voncken
> > > > > >
> > > > > >
> > > > > > --
> > > > > > To unsubscribe from this list: send the line "unsubscribe
> > > > > > linux-wireless" in the body of a message to
> > > > > > majordomo@vger.kernel.org More majordomo info at
> > > > > > http://vger.kernel.org/majordomo-info.html
> > > >
> > > > --
> > > > To unsubscribe from this list: send the line "unsubscribe
> > > > linux-wireless" in the body of a message to majordomo@vger.kernel.org
> > > > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > >
> >
> >
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
James Cameron
http://quozl.linux.org.au/
next prev parent reply other threads:[~2015-03-13 18:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-13 11:36 ARP dropped during WPA handshake Cedric VONCKEN
2015-03-13 12:17 ` wim torfs
2015-03-13 13:41 ` voncken
2015-03-13 14:06 ` Dan Williams
2015-03-13 15:53 ` voncken
2015-03-13 16:29 ` Dan Williams
2015-03-13 18:34 ` James Cameron [this message]
2015-03-13 18:58 ` Arend van Spriel
2015-03-17 15:02 ` voncken
2015-03-17 16:04 ` Dan Williams
-- strict thread matches above, loose matches on Subject: below --
2015-03-13 9:29 Cedric VONCKEN
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150313183409.GF18964@us.netrek.org \
--to=quozl@laptop.org \
--cc=cedric.voncken@acksys.fr \
--cc=dcbw@redhat.com \
--cc=linux-wireless@vger.kernel.org \
--cc=wtorfs@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).