aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2008-12-29 16:10:34 (GMT)
committerJouni Malinen <j@w1.fi>2008-12-29 16:10:34 (GMT)
commit8e09c6d25306135106c12a013966102ab01ddc38 (patch)
tree45703efd7782a3e2573fb78f9206fb28c1a60575 /src/eap_server/eap.c
parent65d50f0ac63b6c7831cc0b04bbd476dd48b0991b (diff)
downloadhostap-06-8e09c6d25306135106c12a013966102ab01ddc38.zip
hostap-06-8e09c6d25306135106c12a013966102ab01ddc38.tar.gz
hostap-06-8e09c6d25306135106c12a013966102ab01ddc38.tar.bz2
Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission scheduling and control is now in EAP authenticator and the calculateTimeout() producedure is used to determine timeout for retransmission (either dynamic backoff or value from EAP method hint). The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not yet implemented since there is no round-trip time measurement available yet. This should make EAP authentication much more robust in environments where initial packets are lost for any reason. If the EAP method does not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20, ... seconds will be used.
Diffstat (limited to 'src/eap_server/eap.c')
-rw-r--r--src/eap_server/eap.c49
1 files changed, 45 insertions, 4 deletions
diff --git a/src/eap_server/eap.c b/src/eap_server/eap.c
index 289337f..dea91e6 100644
--- a/src/eap_server/eap.c
+++ b/src/eap_server/eap.c
@@ -792,10 +792,51 @@ static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount,
int eapSRTT, int eapRTTVAR,
int methodTimeout)
{
- /* For now, retransmission is done in EAPOL state machines, so make
- * sure EAP state machine does not end up trying to retransmit packets.
+ int rto, i;
+
+ if (methodTimeout) {
+ /*
+ * EAP method (either internal or through AAA server, provided
+ * timeout hint. Use that as-is as a timeout for retransmitting
+ * the EAP request if no response is received.
+ */
+ wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
+ "(from EAP method hint)", methodTimeout);
+ return methodTimeout;
+ }
+
+ /*
+ * RFC 3748 recommends algorithms described in RFC 2988 for estimation
+ * of the retransmission timeout. This should be implemented once
+ * round-trip time measurements are available. For nowm a simple
+ * backoff mechanism is used instead if there are no EAP method
+ * specific hints.
+ *
+ * SRTT = smoothed round-trip time
+ * RTTVAR = round-trip time variation
+ * RTO = retransmission timeout
*/
- return 1;
+
+ /*
+ * RFC 2988, 2.1: before RTT measurement, set RTO to 3 seconds for
+ * initial retransmission and then double the RTO to provide back off
+ * per 5.5. Limit the maximum RTO to 20 seconds per RFC 3748, 4.3
+ * modified RTOmax.
+ */
+ rto = 3;
+ for (i = 0; i < retransCount; i++) {
+ rto *= 2;
+ if (rto >= 20) {
+ rto = 20;
+ break;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
+ "(from dynamic back off; retransCount=%d)",
+ rto, retransCount);
+
+ return rto;
}
@@ -1158,7 +1199,7 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
return NULL;
sm->eapol_ctx = eapol_ctx;
sm->eapol_cb = eapol_cb;
- sm->MaxRetrans = 10;
+ sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */
sm->ssl_ctx = conf->ssl_ctx;
sm->eap_sim_db_priv = conf->eap_sim_db_priv;
sm->backend_auth = conf->backend_auth;