[PATCH v2] wpa_supplicant: fix auth failure when the MAC is updated externally

Jouni Malinen j at w1.fi
Fri Mar 30 06:31:48 PDT 2018

On Thu, Feb 15, 2018 at 11:50:01AM +0100, Beniamino Galvani wrote:
> When connecting to a WPA-EAP network and the MAC address is changed
> just before the association (for example by NetworkManager, which sets
> a random MAC during scans), the authentication sometimes fails in the
> following way ('####' logs added by me):
> That's because wpa_supplicant computed the PMKID using the wrong (old)
> MAC address used during the scan. wpa_supplicant updates own_addr when
> the interface goes up, as the MAC can only change while the interface
> is down. However, drivers don't report all interface state changes:
> for example the nl80211 driver may ignore a down-up cycle if the down
> message is processed later, when the interface is already up. In such
> cases, wpa_supplicant (and in particular, the EAP state machine) would
> continue to use the old MAC.
> Add a new driver event that notifies of MAC address changes while the
> interface is active.

Thanks, applied.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list