hostapd handling .1x and reassoc
Ta-Chien Lin
tl2a.ch
Fri Dec 22 09:31:00 PST 2006
When hostapd is running in 802.1x mode and an associated client (AP's
perspective) sends ASSOC or RE-ASSOC, both are treated as RE-ASSOC by
hostapd. With syslog logging level set to 0, the event sequence is as the
following:
daemon.info hostapd: wlan0: STA 00:12:f0:5b:95:2a IEEE 802.11: associated
daemon.debug hostapd: wlan0: STA 00:12:f0:5b:95:2a WPA: event 1 notification
daemon.debug hostapd: wlan0: STA 00:12:f0:5b:95:2a WPA: event 4 notification
At this point, if the AP does not receive EAPOL-Start from the client (event
5 notification), for any reason, the connection remains "authorized" but
there is no longer any KEY.
In a real assoc event, hostapd will take the data path to immediately begin
.1X authentication, so the connection can move along, whether STA sends
EAPOL-Start or not.
It would be good if on a "re-assoc" event, hostapd does the same thing,
without waiting for STA's EAPOL-Start to show up.
This can be accomplished by adding "sta->eapol_sm->reAuthenticate = TRUE;"
in the function ieee802_1x_new_station, in the else clause of "if
(sta->pmksa)", just before stepping through the eapol state machine.
-Ta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20061222/9c9e2e2d/attachment.htm
More information about the Hostap
mailing list