From owner-freebsd-wireless@FreeBSD.ORG  Mon Jul 29 14:02:58 2013
Return-Path: <owner-freebsd-wireless@FreeBSD.ORG>
Delivered-To: wireless@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id AF512A10;
 Mon, 29 Jul 2013 14:02:58 +0000 (UTC)
 (envelope-from lars@e-new.0x20.net)
Received: from mail.0x20.net (mail.0x20.net [217.69.76.211])
 (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6C1B42813;
 Mon, 29 Jul 2013 14:02:58 +0000 (UTC)
Received: from e-new.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.0x20.net (Postfix) with ESMTPS id 08B486A6000;
 Mon, 29 Jul 2013 16:02:56 +0200 (CEST)
Received: from e-new.0x20.net (localhost [127.0.0.1])
 by e-new.0x20.net (8.14.7/8.14.7) with ESMTP id r6TE2tAl021195;
 Mon, 29 Jul 2013 16:02:55 +0200 (CEST)
 (envelope-from lars@e-new.0x20.net)
Received: (from lars@localhost)
 by e-new.0x20.net (8.14.7/8.14.7/Submit) id r6TE2tQt020982;
 Mon, 29 Jul 2013 16:02:55 +0200 (CEST) (envelope-from lars)
Date: Mon, 29 Jul 2013 16:02:55 +0200
From: Lars Engels <lars.engels@0x20.net>
To: =?utf-8?Q?Jean-S=C3=A9bastien_P=C3=A9dron?=
 <jean-sebastien.pedron@dumbbell.fr>
Subject: Re: 802.1X: dhclient started before the auth. process ends
Message-ID: <20130729140255.GU59101@e-new.0x20.net>
References: <51F26CEB.9010200@dumbbell.fr>
 <20130729095946.GK59101@e-new.0x20.net>
 <CAJ-Vmo=yw-jL+T2QUfiOfx8oGZweNt+gWFBaVriVPtWsrVCEiA@mail.gmail.com>
 <51F6758C.9020004@dumbbell.fr>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="Mo5R/H9UGRM/aoK7"
Content-Disposition: inline
In-Reply-To: <51F6758C.9020004@dumbbell.fr>
X-Editor: VIM - Vi IMproved 7.3
X-Operation-System: FreeBSD 8.4-RELEASE
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: freebsd-current@freebsd.org, wireless@freebsd.org
X-BeenThere: freebsd-wireless@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Discussions of 802.11 stack,
 tools device driver development." <freebsd-wireless.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-wireless>
List-Post: <mailto:freebsd-wireless@freebsd.org>
List-Help: <mailto:freebsd-wireless-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-wireless>, 
 <mailto:freebsd-wireless-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2013 14:02:58 -0000


--Mo5R/H9UGRM/aoK7
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 29, 2013 at 04:00:44PM +0200, Jean-S=C3=A9bastien P=C3=A9dron w=
rote:
> On 29.07.2013 15:34, Adrian Chadd wrote:
> > I think you were lucky.
>=20
> I think you're right.
>=20
> It works perfectly on FreeBSD 9.1, because wpa_supplicant finishes the
> auth process really quickly, ie. before dhclient receives an answer from
> dhcpd from the unauthenticated network:
>=20
> Jul 29 15:39:46 - kernel: bge0: link state changed to UP
> Jul 29 15:39:46 - dhclient[46150]: DHCPREQUEST on bge0 to
> 255.255.255.255 port 67
> Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-STARTED EAP
> authentication started
> ...
> Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-SUCCESS EAP
> authentication completed successfully
> Jul 29 15:39:48 - dhclient[46150]: DHCPREQUEST on bge0 to
> 255.255.255.255 port 67
> Jul 29 15:39:48 - dhclient[46150]: DHCPACK from 192.168.200.224
> Jul 29 15:39:48 - dhclient: New IP Address (bge0): 192.168.200.91
> Jul 29 15:39:48 - dhclient: New Subnet Mask (bge0): 255.255.255.0
> Jul 29 15:39:48 - dhclient: New Broadcast Address (bge0): 192.168.200.255
> Jul 29 15:39:48 - dhclient: New Routers (bge0): 192.168.200.254
>=20
> On -CURRENT, wpa_supplicant is started more than 10 seconds after the
> interface is UP and dhclient sent its request
> (http://pastebin.com/ZHcbHLQZ). Therefore, a lease from the
> unauthenticated network arrives first. It was working with a previous
> -CURRENT (buildworld from around April if memory serves).

AFAIK rui@ imported a new version of wpa_supplicant into -CURRENT.

>=20
> > dhclient shouldn't start running until wpa_supplicant has completed
> > authentication.
>=20
> Damn, I always thought it worked this way on FreeBSD and happily laughed
> at "Linux co-workers" who use some kind of rc.local script to work
> around this issue :-) In fact, we're all in the same boat!
>=20
> I may take a look at the issue. I guess the place to fix this is in the
> rc scripts. Does someone have a hint?


--Mo5R/H9UGRM/aoK7
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (FreeBSD)

iEYEARECAAYFAlH2dg8ACgkQKc512sD3afgKUACghtVeVOeb7B+fa5Ay5yN7MMwz
mU0AnjK4O/S6KMKDYVX36bDw/rlr4Szo
=9NQr
-----END PGP SIGNATURE-----

--Mo5R/H9UGRM/aoK7--