Starting EAP sequence
Alan DeKok
aland at deployingradius.com
Thu Mar 11 12:23:06 GMT 2021
On Mar 10, 2021, at 11:56 PM, Michel Verhagen <mike at guruce.com> wrote:
> I'm using the EAP library to implement EAPOL on an embedded device. Got it to go, with EAP-MD5 and EAP-TTLS and certificates, so all good. However, I'm trying to get the library to prepare me an EAPOL START packet. I'd like to initiate the start of the EAP handshake, because depending on the settings of the authenticator, it can take a long time before the EAP handshake sequence is initiated.
I haven't used the library myself, but the problem, here is likely layering.
i.e. you're using an EAP library. EAP runs on EAPoL, PPP, PANA, RADIUS, Diameter, ..., where the library just does EAP.
EAPoL is managed by the IEEE 802.1X state machine. Which uses EAP, but isn't part of the EAP library.
> I thought setting _eap_ctx.eapRestart to 1 (true) or even eapTriggerStart to 1 and calling eap_peer_step would get me the packet data to send, but I can't see eapTriggerStart used anywhere in the code.
See src/eapol_supp/eapol_supp_sm.c, which runs the EAPoL supplicant state machine. It checks eapTriggerStart, and ends up calling eapol_sm_txStart().
> Does anybody know how to get the EAP library to prepare an EAP Start packet?
You can't. EAP isn't the same as the Ethernet layer EAPoL state machine.
> I can of course prepare and send that packet myself, but it looks like the EAP library should be able to do this as well...
No. The EAP library does EAP. The 802.1X / supplicant state machine does Ethernet, and EAPoL.
Alan DeKok.
More information about the Hostap
mailing list