• State TI Thinks Resolved
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 2196 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

WL1837MOD: Frequent GROUP_KEY_HANDSHAKE_TIMEOUT deauthentication in noisy RF environment

Wilson Callan
Prodigy 100 points
Part Number: WL1837MOD


Hi, we are running linux 4.9.17 and have to rekey every hour.  In some cases the connection is lost right at the hour mark due to reason 16 disconnect (Group Key Handshake Timeout).  I suspect the EAPOL message is on the way when we timeout, it just has not made it through due to a heavily used network and/or RF spectrum.  The issue does not occur in quiet/less busy environments.  How do we increase the timeout so that we can allow more time for first rekeying packet to arrive?

I did increase the log level in wpa_supplicant and found that in the case of timeout, we have not even begun handshake, so we need to give that first packet more time to arrive.

When it works, we get logs like this:

07-23 10:20:44.196 I/wpa_supplicant(  468): wlan0: IEEE 802.1X RX: version=2 type=3 length=127
07-23 10:20:44.196 I/wpa_supplicant(  468): wlan0: WPA: RX message 1 of Group Key Handshake from ...
07-23 10:20:44.196 I/wpa_supplicant(  468): wlan0: RSN: msg 1/2 key data
07-23 10:20:44.197 I/wpa_supplicant(  468): wlan0: RSN: received GTK in group key handshake
07-23 10:20:44.201 I/wpa_supplicant(  468): wlan0: WPA: Installing GTK to the driver (keyidx=2 tx=0 len=16)
07-23 10:20:44.225 I/wpa_supplicant(  468): wlan0: WPA: Sending EAPOL-Key 2/2
07-23 10:20:44.226 I/wpa_supplicant(  468): wlan0: WPA: Group rekeying completed with ...

When it does not:
07:30:53.673 I/kernel  (  202): wlan0: deauthenticated from 24:b6:57:f8:b3:8a (Reason: 16=GROUP_KEY_HANDSHAKE_TIMEOUT)

Thanks, Wilson


  • 0
    TI__Mastermind 28285 points

    Hi Wilson,

    How often does this occur? This should be bound by an eapol timeout, which will be somewhere in the supplicant. Let me look and see if i can find where.

    BR,

    Vince 

  • 0 in reply to Vincent Rodriguez
    Prodigy 100 points

    Hi Vince, 

    In some cases it can happen quite frequently, like 13 out of 20 rekeying times.  I looked a little in wpa_supplicant and found:

    sm->serverTimeout = BE_AUTH_DEFAULT_serverTimeout;

    in eapol_auth_alloc() from src/eapol_auth/eapol_auth_sm.c.   

    #define BE_AUTH_DEFAULT_serverTimeout 30

    Is that it do you think?

    - Wilson

  • 0 in reply to Wilson Callan
    Prodigy 100 points

    Vince, are you saying this is something the supplicant sets in the WiLink?  I ask because we are not seeing the supplicant timeout, from what I can tell.  We seem to get a timeout message coming in to mac80211 with no prior activity from wpa_supplicant.  But I can run a test with different settings if you have a suggestion. 

    Thanks, Wilson

  • 0 in reply to Wilson Callan
    TI__Mastermind 28285 points

    Hi Wilson,

    Sorry for the delay. Are you operating our device in AP or STA mode? In AP mode, there should be a config file that configures how often to rekey client devices. When we are in STA mode the interval is dictated by the AP you are connected to, so you wouldn't be able to modify it. 

    It would be interesting to see a sniffer capture of this issue, to see if you have high retry rates on the wi-fi layer and if packets are getting missed. Can you describe alittle bit what your noisy enviroment is? Are you saying there are alot of devices on that channel, high noise floor, other device causing interference?

    There isn't much we can do to improve this. Increasing timeouts might make this issue happen less often, but I'd assume if this issue happens during EAPOL transmissions, its also happening during normal transmissions of data packets. It's probably best to root cause the interference, and see if you can mitigate it by moving to a different channel. 

    BR,

    Vince 

  • 0 in reply to Vincent Rodriguez
    Prodigy 100 points

    We are in STA mode.  You have described the problem exactly.  We have a lot of retries and a high noise floor, a lot of devices and networks, etc.  We use TCP for communication and understand what is going on.  I am not trying to change the how often to rekey clients.  That occurs every hour, as i said.  The issue is that the WiLink times out i waiting for the rekeying.  I want to give a bit more time for the EAPOL messages to arrive.  

    As you said, i want to increase the timeouts and make this issue happen less often. That's all.  How do I do that?

    Thanks, Wilson

  • 0 in reply to Wilson Callan
    TI__Mastermind 28285 points

    Hi Wilson,

    After conferring with a Colleague,  we would recommend you not change this value in the supplicant, as it's only a quick fix for a bigger problem. If you do still want to change it, you can find a setting inside the wpa supplicant.

    If you are using TI supplicant, our source can be found here - https://git.ti.com/cgit/wilink8-wlan/hostap/

    For Open source supplicant, you can find it here- https://w1.fi/wpa_supplicant/

    BR,

    Vince