hostapd handling .1x and reassoc

Jouni Malinen jkmaline
Sun Dec 24 11:23:51 PST 2006


On Fri, Dec 22, 2006 at 09:31:00AM -0800, Ta-Chien Lin wrote:

> When hostapd is running in 802.1x mode and an associated client (AP's
> perspective) sends ASSOC or RE-ASSOC, both are treated as RE-ASSOC by
> hostapd.

> At this point, if the AP does not receive EAPOL-Start from the client (event
> 5 notification), for any reason, the connection remains "authorized" but
> there is no longer any KEY.
> 
> In a real assoc event, hostapd will take the data path to immediately begin
> .1X authentication, so the connection can move along, whether STA sends
> EAPOL-Start or not.
> 
> It would be good if on a "re-assoc" event, hostapd does the same thing,
> without waiting for STA's EAPOL-Start to show up.

Agreed.

> This can be accomplished by adding "sta->eapol_sm->reAuthenticate = TRUE;"
> in the function ieee802_1x_new_station, in the else clause of "if
> (sta->pmksa)", just before stepping through the eapol state machine.

Thanks for reporting this. I added this type of change into ieee802_1x.c
in 0.5.x and 0.6.x branches. Though, I'm only setting reAuthenticate =
TRUE on re-association, not when creating the EAPOL state machines for
the first time. Anyway, the end result is same.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list