[PATCH] Set supplicant port unauthorized during EAP reauthentication

Mikael Kanstrup mikael.kanstrup
Thu Apr 9 04:50:16 PDT 2015

From: York WU <york.wu at sonymobile.com>

When authenticator initiates an EAP reauthentication port should be
set unauthorized until EAP negotiation completes. This prevents
sending data frames when not being authenticated.

The patch solves the following scenario:
- STA connected to AP with EAP based authentication
- iperf (or other traffic) active
- AP (authenticator) initiates EAP reauthentication
  (eap_reauth_period times out)
- During EAP negotiation data continue to flow
- AP deauthenticates STA with reason 2 "Previous authentication
  no longer valid" or reason 7 "Class 3 frame received
  from nonassociated station"

Signed-off-by: Mikael Kanstrup <mikael.kanstrup at sonymobile.com>
 src/eapol_supp/eapol_supp_sm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 9cc234a..b5a7d00 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
+	eapol_sm_set_port_unauthorized(sm);
 	sm->eapRestart = TRUE;

More information about the Hostap mailing list