[PATCH] EAPOL_SUPP: ignore Response at CONNECTING state

[xinpeng wang]

When using PEAP certification, the server may use Identity's Request message
as a heartbeat; there will be many clients on the Internet to send address
01: 80: C2: 00: 03 Identity's Response message as a heartbeat; at this time
When a client is broken and reconnect, it is easy to receive this message,
resulting in triggering restart of EAPOL authentication, resulting in a slow
authentication. So Ignore the response message in the Connecting state.

Signed-off-by: xinpeng wang <wangxinpeng at uniontech.com>
---
 src/eapol_supp/eapol_supp_sm.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 861eea2ae..f1288cea9 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1357,6 +1357,15 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
 				break;
 			}
 		}
+		{
+			const struct eap_hdr *ehdr =
+				(const struct eap_hdr *) (hdr + 1);
+			if (plen >= sizeof(*ehdr) && ehdr->code == EAP_CODE_RESPONSE &&
+				sm->SUPP_PAE_state == SUPP_PAE_CONNECTING) {
+				wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet response when connecting");
+				break;
+			}
+		}
 
 		if (sm->cached_pmk) {
 			/* Trying to use PMKSA caching, but Authenticator did
-- 
2.20.1