[PATCH] wpa_supplicant: Use nl80211_send_eapol_data for station

Peer, Ilan ilan.peer at intel.com
Sun Jun 11 00:24:29 PDT 2017


HI,

Couple of comments below (in addition to changing this to use the nl80211 transport as discussed).

> -----Original Message-----
> From: Hostap [mailto:hostap-bounces at lists.infradead.org] On Behalf Of
> Wojciech Dubowik
> Sent: Friday, June 09, 2017 12:22
> To: hostap at lists.infradead.org
> Cc: Wojciech Dubowik <Wojciech.Dubowik at neratec.com>
> Subject: [PATCH] wpa_supplicant: Use nl80211_send_eapol_data for station
> 
> Supplicant is using generic L2 send function for EAPOL messages which
> doesn't give back status whether frame has been acked or not. It can lead to
> wrong wpa states when EAPOL 4/4 is lost i.e. client is in connected state but
> keys aren't established on AP side.
> Fix that by using nl80211_send_eapol_data as for AP side and check in
> conneced state that 4/4 EAPOL has been acked.
> 
> Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik at neratec.com>
> ---
>  src/drivers/driver.h         | 12 ++++++++++++
>  src/drivers/driver_nl80211.c | 11 +++++++++++
>  wpa_supplicant/driver_i.h    | 10 ++++++++++
>  wpa_supplicant/events.c      | 17 ++++++++++++++++-
>  wpa_supplicant/wpas_glue.c   |  6 ++++++
>  5 files changed, 55 insertions(+), 1 deletion(-)

...

> 
> diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index
> 3a2ec64..af9bf2a 100644
> --- a/wpa_supplicant/events.c
> +++ b/wpa_supplicant/events.c
> @@ -3966,13 +3966,28 @@ void wpa_supplicant_event(void *ctx, enum
> wpa_event_type event,
>  		}
>  #endif /* CONFIG_AP */
>  		break;
> -#ifdef CONFIG_AP
>  	case EVENT_EAPOL_TX_STATUS:
> +#ifdef CONFIG_AP
>  		ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst,
>  				   data->eapol_tx_status.data,
>  				   data->eapol_tx_status.data_len,
>  				   data->eapol_tx_status.ack);
> +#else

This would not work in case that CONFIG_AP is set (wpa_supplicant support for AP/P2P GO etc. interfaces). Instead check wpa_s->ap_iface to see if this is an AP interface or not.

> +		wpa_dbg(wpa_s, MSG_DEBUG,
> +				"EAPOL_TX_STATUS: ACK(%d)",
> +				   data->eapol_tx_status.ack);
> +		if (!data->eapol_tx_status.ack &&
> +		   wpa_s->wpa_state == WPA_COMPLETED) {
> +			wpa_dbg(wpa_s, MSG_DEBUG,
> +				"EAPOL 4/4 Not acked, disconnecting");
> +			wpa_s->own_disconnect_req = 1;
> +			wpa_supplicant_deauthenticate(
> +				wpa_s,
> WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT);
> +

It is possible that the Authenticator can recover from loss of message 4 by retrying to send message 3 again (as done in hostap), so it might be better to have the wpa PAE state machine handle such a case more gracefully.

> +		}
> +#endif
>  		break;
> +#ifdef CONFIG_AP
>  	case EVENT_DRIVER_CLIENT_POLL_OK:
>  		ap_client_poll_ok(wpa_s, data->client_poll.addr);
>  		break;
> diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
> index ae246f9..da81ac0 100644
> --- a/wpa_supplicant/wpas_glue.c
> +++ b/wpa_supplicant/wpas_glue.c
> @@ -97,6 +97,7 @@ static u8 * wpa_alloc_eapol(const struct wpa_supplicant
> *wpa_s, u8 type,  static int wpa_ether_send(struct wpa_supplicant *wpa_s,
> const u8 *dest,
>  			  u16 proto, const u8 *buf, size_t len)  {
> +	int ret;
>  #ifdef CONFIG_TESTING_OPTIONS
>  	if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
>  		size_t hex_len = 2 * len + 1;
> @@ -111,6 +112,11 @@ static int wpa_ether_send(struct wpa_supplicant
> *wpa_s, const u8 *dest,
>  		return 0;
>  	}
>  #endif /* CONFIG_TESTING_OPTIONS */
> +	ret = wpa_drv_send_eapol(wpa_s, dest, buf, len);

FWIW, I do not think that drv_send_eapol and l2 should be mixed. I think that it would be better to decide which API to use during init.

Regards,

Ilan.



More information about the Hostap mailing list