[PATCH] Set supplicant port unauthorized during EAP reauthentication

Jouni Malinen j at w1.fi
Wed Dec 30 01:14:03 PST 2015

On Fri, Apr 10, 2015 at 09:50:55AM +0200, Mikael Kanstrup wrote:
> Thanks for your review! I agree with the comments you gave and realize
> that this patch just cure the symptoms.

I had this patch still in my queue for review, but I'm dropping it now
as it is not correct thing to do as noted. Just a couple of late
comments related to the symptoms:

> Setup 1
> AP runs latest hostapd from master
> STA runs latest wpa_supplicant from master
> Both ends use D-Link DWA-160 USB dongle (rt2800usb driver)
> Setup 2
> AP runs latest hostapd from master
> STA runs latest wpa_supplicant from master
> STA use D-Link DWA-160 USB dongle
> AP use Intel Wireless 7260
> With both setups I get deauth with reason 2.

hostapd does not disconnect a station when needed to do EAP
reauthentication. Deauthentication would happen due to not being able to
complete reauthentication for some reason (which might be triggered by
excessive use of data traffic during the reauthentication exchange).

> Hostapd logs shows this
> ...
> wlan8: CTRL-EVENT-EAP-SUCCESS 9c:d6:43:e7:bb:65
> wlan8: STA 9c:d6:43:e7:bb:65 RADIUS: starting accounting session
> 55277781-00000001
> wlan8: STA 9c:d6:43:e7:bb:65 IEEE 802.1X: authenticated - EAP type: 0
> (unknown) (PMKSA cache)
> wlan8: AP-STA-DISCONNECTED 9c:d6:43:e7:bb:65
> WPA: wpa_sm_step() called recursively
> wlan8: STA 9c:d6:43:e7:bb:65 IEEE 802.11: deauthenticated due to local
> deauth request

This does not include enough details (-ddt on the command line would be
needed) to determine why the station disconnect. In practice, I'd expect
significant other data traffic being behind the issue and pushing out
the EAPOL frame exchanges. If WMM/QoS is used here, making EAPOL frames
use higher priority is one common mechanism drivers try to avoid this

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list