[PATCH] Set supplicant port unauthorized during EAP reauthentication

Mikael Kanstrup mikael.kanstrup at sonymobile.com
Thu Apr 9 07:50:16 EDT 2015


From: York WU <york.wu at sonymobile.com>

When authenticator initiates an EAP reauthentication port should be
set unauthorized until EAP negotiation completes. This prevents
sending data frames when not being authenticated.

The patch solves the following scenario:
- STA connected to AP with EAP based authentication
- iperf (or other traffic) active
- AP (authenticator) initiates EAP reauthentication
  (eap_reauth_period times out)
- During EAP negotiation data continue to flow
- AP deauthenticates STA with reason 2 "Previous authentication
  no longer valid" or reason 7 "Class 3 frame received
  from nonassociated station"

Signed-off-by: Mikael Kanstrup <mikael.kanstrup at sonymobile.com>
---
 src/eapol_supp/eapol_supp_sm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 9cc234a..b5a7d00 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -312,6 +312,7 @@ SM_STATE(SUPP_PAE, AUTHENTICATED)
 SM_STATE(SUPP_PAE, RESTART)
 {
 	SM_ENTRY(SUPP_PAE, RESTART);
+	eapol_sm_set_port_unauthorized(sm);
 	sm->eapRestart = TRUE;
 }
 
-- 
1.8.2.2



More information about the HostAP mailing list