LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Larry Finger <larry.finger@lwfinger.net>
To: Jouni Malinen <jkmaline@cc.hut.fi>
Cc: Dan Williams <dcbw@redhat.com>,
	Johannes Berg <johannes@sipsolutions.net>,
	netdev <netdev@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: Hidden SSID's
Date: Tue, 30 Jan 2007 01:08:29 -0600	[thread overview]
Message-ID: <45BEEEED.9010702@lwfinger.net> (raw)
In-Reply-To: <20070130050841.GC6637@jm.kir.nu>

Jouni Malinen wrote:
> On Mon, Jan 29, 2007 at 10:52:20PM -0600, Larry Finger wrote:
> 
>> When an AP has a hidden SSID, ieee80211 fails, at least with wpa_supplicant,
>> which searches through the scan data looking for a particular ssid. Because
>> ieee80211 has substituted a false ssid, namely "<hidden>", wpa_supplicant
>> cannot authenticate. This behavior is fixed by adding a new argument to
>> ieee80211_translate_scan that contains the expected ssid.
> 
> Would this be replacing the SSID of all BSSes in scan results with the
> SSID for which the latest per-SSID scan was issued? If yes, this does
> not sound any better than the current behavior. The driver/802.11 code
> should not replace the SSID value with anything else than the value
> received from the AP.

Any AP with a hidden SSID will only respond to probe requests that specify its SSID, and will ignore
any other probes. In addition, the response will have an empty SSID field. These responses are the
only ones in which a substitution would occur. These are the same responses where the current code
sends back the "<hidden>" pseudo-SSID. My change would put the correct one there.

> In case of hidden SSIDs, the 802.11 implementation should maintain a
> list of BSSes found during the scan(s) and update the SSID (in most
> cases, by creating a new BSS entry) with the SSID from Probe Response
> frames. In other words, if the scan is done for a specific SSID (Probe
> Request includes that SSID), the AP that is using hidden SSIDs will
> likely include the SSID in Probe Response and data from that Probe
> Response can be used to fill in the missing pieces for the <BSSID,SSID>
> pair.
> 
> Generating false scan results by locally guessing what the SSID
> could be is just plain wrong. The scan results need to be based on real
> frames from the APs.

We aren't guessing. The response frame with the empty SSID field must have come from the AP with the
SSID we want. Filling in the expected value is just making it easier for the user-space tools.

Larry


  reply	other threads:[~2007-01-30  7:08 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-01-27  3:48 Larry Finger
2007-01-27 12:08 ` Dan Williams
2007-01-27 15:29   ` Larry Finger
2007-01-28 21:28   ` Johannes Berg
2007-01-29 13:00     ` Dan Williams
2007-01-30  3:09       ` Jouni Malinen
2007-01-30  3:36         ` Dan Williams
2007-01-30  4:52           ` Larry Finger
2007-01-30  5:08             ` Jouni Malinen
2007-01-30  7:08               ` Larry Finger [this message]
2007-01-30 22:56                 ` Jouni Malinen
2007-01-31  2:35                   ` Larry Finger
2007-02-01 18:46                     ` Jouni Malinen
2007-01-28 22:18   ` Larry Finger
2007-01-30 22:53     ` Jouni Malinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=45BEEEED.9010702@lwfinger.net \
    --to=larry.finger@lwfinger.net \
    --cc=dcbw@redhat.com \
    --cc=jkmaline@cc.hut.fi \
    --cc=johannes@sipsolutions.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --subject='Re: Hidden SSID'\''s' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).