IEEE 802.1x with dynamic WEP doesn't work in hostapd CVS

Jouni Malinen jkmaline at cc.hut.fi
Fri Nov 12 21:42:11 EST 2004


On Fri, Nov 12, 2004 at 04:39:38PM -0500, Andrew Barr wrote:

> I upgraded my AP to the latest HostAP CVS trying to resolve a WPA issue that 
> now appears to be the fault of the driver (or operator) ;-). Failing to 
> resolve the issue, I configured my AP to use IEEE 802.1x with dynamic WEP, 
> and I could not authenticate. Running xsupplicant with -d9 for verbose 
> debugging, I got this:

Could you please re-test with another client/supplicant?

> [ALL] Got Frame :
> 00 04 23 5E F9 21 00 0D - 88 50 C7 30 88 8E 02 00 ..#^.!...P.0....
> 00 05 01 00 00 05 01                              .......
> [ALL] Got invalid EAPOL frame!

That frame looks correct.. Based on a quick look at xsupplicant source
code, it looks like the IEEE 802.1X/EAPOL version handling is done
incorrectly and it is dropping packets with version numbers creater than
1 even though the correct behavior for version 1 supplicant would be to
ignore the version number and process the frames as version 1 frames.

> Notice the invalid EAPOL frame message. Downgrading to the latest release 
> (hostapd 0.2.5) immediately resolves the problem. Does the CVS version of 
> hostapd work, or should I be sticking to stable releases here?

As far as I know, the CVS version works. The main difference between
0.2.x and 0.3.x is that 0.3.x is using newer version of EAPOL defined in
IEEE 802.1X-REV. This looks like a supplicant issue, so I would
recommend reporting this on xsupplicant mailing lists. You should also
be able to use wpa_supplicant which supports new EAPOL version number.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list