
I'm writing a fairly low-level driver for a wireless card, and while most of the spec is fairly straightforward, I haven't wrapped my head around a single question yet:

If my station is in power-save mode and its receiver is turned off for an extended period (say, 10 seconds) between DTIM frames, and the access point is rebooted in the meantime so my association is lost, how can I detect this?

I'm aware that the most common case will be that synchronisation is lost thoroughly enough that I will miss a number of beacons and simply go back to the AP search afterwards, but if by some lucky chance I get to see beacons, is there some way to find out that this is a new "instance" of the same AP?

I can think of

  • a short(er) TIM field -- however I believe APs are allowed to shorten the TIM information if no traffic is waiting
  • the AP timestamp changing unexpectedly.
  • the "number of beacons to next DTIM" field changing unexpectedly.

Being a perfectionist, I'd like to know if there is an entirely reliable way to detect that the AP has been rebooted, rather than just putting together clues.

Simon Richter
  • Really cool problem. I'd bet the farm that most manufacturers follow your "most common case." You probably can't say, but I'd *love* to know who you work for so I can buy your products! Good luck getting an answer! – Ben Burns May 19 '11 at 14:25
  • Also, I wouldn't put too much weight on a solution that prioritizes strict adherence to the standard, or likewise one which capitalizes on trends in how manufacturers ignore the standard. Having worked in this field before it's amazing how many corners manufacturers will cut in order to save a few bucks on a shrink wrap product. – Ben Burns May 19 '11 at 14:27

2 Answers


I would suggest that you look at the TSF in received beacon frames and if it differs too much from the TSF you expected you send a NULL-data frame to the AP. If the AP was rebooted it should respond with a deauthenticate frame with reason "Class 2 frame received from nonauthenticated STA".

Per Knytt
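As an added example (not part of the answer above and not code from any real driver), here is a C sketch of the check Per Knytt describes: track the beacon TSF against the station's own clock, flag a discontinuity, and recognise the deauthentication reason code the AP sends when it no longer knows the station. The struct layout, tolerance constants and function names are my own assumptions; reason code 6 is the standard 802.11 value for "Class 2 frame received from nonauthenticated STA".

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>

/* IEEE 802.11 Deauthentication reason code 6:
   "Class 2 frame received from nonauthenticated STA". */
#define WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA 6

/* Per-association TSF tracking state (hypothetical driver struct). */
struct tsf_track {
    uint64_t last_tsf;       /* TSF field of the last beacon we received, in us */
    uint64_t last_local_us;  /* our own monotonic clock when that beacon arrived */
    bool     valid;
};

/* Tolerance: fixed slack for PHY/IRQ latency plus clock drift; the local
   oscillator is assumed to stay within 100 ppm of the AP's TSF clock. */
#define TSF_BASE_TOL_US 2000ULL
#define TSF_DRIFT_PPM   100ULL

void tsf_track_reset(struct tsf_track *t, uint64_t tsf, uint64_t local_us)
{
    t->last_tsf = tsf; t->last_local_us = local_us; t->valid = true;
}

/* Returns true when the beacon's TSF is inconsistent with what we expected.
   The AP's TSF timer restarts near zero on reboot, so a decrease is the
   strongest clue and a large jump in either direction is also reported.
   The caller should confirm by sending a null-data frame (see below). */
bool tsf_beacon_suspicious(struct tsf_track *t, uint64_t tsf, uint64_t local_us)
{
    if (!t->valid) { tsf_track_reset(t, tsf, local_us); return false; }
    uint64_t elapsed  = local_us - t->last_local_us;
    uint64_t expected = t->last_tsf + elapsed;
    uint64_t tol      = TSF_BASE_TOL_US + elapsed * TSF_DRIFT_PPM / 1000000ULL;
    uint64_t diff     = tsf > expected ? tsf - expected : expected - tsf;
    bool bad = (tsf < t->last_tsf) || diff > tol;
    tsf_track_reset(t, tsf, local_us);  /* re-sync to the newest beacon either way */
    return bad;
}

/* Parse the 2-byte little-endian Reason Code at the start of a deauth frame
   body and report whether it says the AP has forgotten our authentication. */
bool deauth_says_forgotten(const uint8_t *body, size_t len)
{
    if (len < 2) return false;
    uint16_t reason = (uint16_t)body[0] | ((uint16_t)body[1] << 8);
    return reason == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA;
}
```

A station that sees `tsf_beacon_suspicious()` return true would send the null-data frame and, if the reply is a deauth for which `deauth_says_forgotten()` is true, go back to authentication and association.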

I don't have any knowledge of wireless cards at that level, but I'd take a practical route and analyze the communication from the AP just leading up to the disconnect for a pattern that matches a typical shutdown sequence; for example, "no more traffic, a sudden loss of DTIM sync, and then an AP announcement".

Off the top of my head: maybe look into Kismet's AP detection and analysis code for an idea or two. I'd bet someone else has encountered this problem before.

Cheers!

jmkeyes
  • The issue at hand is that the station is in power save mode, so it cannot see the pattern: it wakes up right before the DTIM frame, receives the frame and any broadcast traffic, and goes back to sleep. Somewhere in between, it needs to decide whether the AP is still aware that the station exists, reassociate if not, and ideally keep silent if it is. So basically it boils down to "looking at this DTIM frame, I think I've lost my association". – Simon Richter May 20 '11 at 10:55
  • I don't think it's possible to detect what the future will be from just a single DTIM frame. My guess is that you need to keep a history of N number of frames or keep statistics on the reception of those frames in order to guess if the AP has rebooted. A Markov chain might be helpful for statistics here. – jmkeyes May 20 '11 at 23:39
  • All I'd get from this would be a probability value though -- while it's actually somewhat unlikely for the AP to reboot in a way that lets me still receive beacons. This is about removing the last bit of doubt. :) – Simon Richter May 22 '11 at 12:03