2011-06-04 12:56:54

by Andreas Hartmann

Subject: broken PTK rekeying under high network load

Hello!


Problem: PTK (and sometimes GTK-rekeying) is broken under high network
load. The high network load is produced with netperf:

while true ;
do
    netperf -t TCP_STREAM -H host
    netperf -t TCP_MAERTS -H host
    netperf -t TCP_SNDFILE -H host
done

During rekeying, mostly of PTK, the 4-way handshake is broken because
hostapd doesn't get the last answer from the supplicant. The supplicant
itself thinks all is fine and PTK rekeying is done.


Goal:
Narrow down the component which is responsible for the broken PTK rekeying.
The following tests were all done with a WPA2 / PSK / ieee80211n / 40
MHz bandwidth, 2,4 GHz based connection and a PTK rekeying delta of 50 s
configured on hostapd.
hwcrypt was switched off in hardware for hostapd.

I did the tests with different components. The result can be found in
the table below.



Components:

Hardware for accesspoint:

A1) Linksys WMP600N (rt2800pci)

or

A2) Atheros ar9285 (ath9k)


Hardware for Supplicant:

H1) WUSB600Nv2

H2) Atheros ar9285


Drivers for Supplicant:

D1) wpa_supplicant with wext

D2) wpa_supplicant with nl80211

D3) rt3572sta without wpa_supplicant




1. test

Access point   Hardware for supplicant   Driver for supplicant   Rekeying
-------------------------------------------------------------------------
A1             H1                        D1                      broken
A1             H1                        D3                      fine
A1             H2                        D1                      broken
A1             H2                        D2                      broken

A2             H1                        D1                      broken
A2             H1                        D3                      fine


fine means: Rekeying never broke during > 1,5 h.
broken means: Rekeying was broken after the first or no later than the
fifth incidence.


Summary:

Rekeying is fine as long as no wpa_supplicant / wext / or nl80211
framework is used on the supplicant.
The rt3572sta-driver without wpa_supplicant works just fine - as expected.

The problem could be in the wireless framework or in wpa_supplicant -
that's what I cannot say.


But I could see one big difference between the handling of the rekeying
by wpa_supplicant and the rt3572sta-driver:
the rt3572sta-driver stops the datastream during rekeying. This is about
half a second.
With wpa_supplicant, I can't see this stop. It stops after the rekeying
has been broken because of deauthentication.
The following reauthentication takes much longer and sometimes doesn't
work at all.


Could somebody please look at this problem? If you have some more
questions - please ask - I'll try to answer them.


Andreas