Wed Sep 3 05:03:20 PDT 2008
On Tue, Sep 02, 2008 at 04:09:45PM -0700, Chuck Tuffli wrote:
> I was looking into a problem with EAP-Fail and noticed that the
> EAP_RECEIVED state in SM_STEP(EAP) doesn't process rxFail.
It does process rxFailure assuming the EAP method is in a state that
allows EAP-Failure to be processed..
> receiving an EAP-Failure, I would have expected the state machine to go
> to EAP_FAILURE instead of EAP_DISCARD. Does it make sense to add the
> following to the receive processing
It should move to FAILURE state on EAP-Failure, but only if the EAP
method allows this (i.e., methodState != METHOD_CONT and decision !=
DECISION_UNCOND_SUCC). I would guess that the method did not set
methodState to METHOD_MAY_CONT (if it is unclear whether EAP server
could still continue the method) or METHOD_DONE (if it is clear that the
next message from server is either EAP-Success or EAP-Failure).
Forcing this to happen regardless of the methodState variable would be
against the EAP state machine design and I do not think it is necessary
to resolve this case.
Jouni Malinen PGP id EFC895FA
More information about the Hostap