[PATCH] Set supplicant port unauthorized during EAP reauthentication
Mikael Kanstrup
mikael.kanstrup
Thu Apr 9 04:50:16 PDT 2015
From: York WU <york.wu at sonymobile.com>
When the authenticator initiates an EAP reauthentication, the port should be
set unauthorized until EAP negotiation completes. This prevents
sending data frames when not being authenticated.

The patch solves the following scenario:
- STA connected to AP with EAP based authentication
- iperf (or other traffic) active
- AP (authenticator) initiates EAP reauthentication
  (eap_reauth_period times out)
- During EAP negotiation data continue to flow
- AP deauthenticates STA with reason 2 "Previous authentication
  no longer valid" or reason 7 "Class 3 frame received
  from nonassociated station"
Signed-off-by: Mikael Kanstrup <mikael.kanstrup at sonymobile.com>
---
src/eapol_supp/eapol_supp_sm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 9cc234a..b5a7d00 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -312,6 +312,7 @@ SM_STATE(SUPP_PAE, AUTHENTICATED)
SM_STATE(SUPP_PAE, RESTART)
{
SM_ENTRY(SUPP_PAE, RESTART);
+ eapol_sm_set_port_unauthorized(sm);
sm->eapRestart = TRUE;
}
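Review bot: The call added at the top of SM_STATE(SUPP_PAE, RESTART) is unconditional, so the port is set unauthorized on every entry to RESTART, not only in the authenticator-initiated reauthentication case the commit message describes. Please confirm that every transition into RESTART should block data frames, and add a short comment above eapol_sm_set_port_unauthorized(sm); explaining why the port is closed here. It would also help to state in the commit message that traffic will now stall for the duration of each reauthentication (every eap_reauth_period) until the state machine authorizes the port again, since that is a user-visible behaviour change for the iperf scenario listed.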
--
1.8.2.2