authorJouni Malinen <jouni.malinen@atheros.com>2008-12-29 16:10:34 (GMT)
committerJouni Malinen <j@w1.fi>2008-12-29 16:10:34 (GMT)
commit8e09c6d25306135106c12a013966102ab01ddc38 (patch)
tree45703efd7782a3e2573fb78f9206fb28c1a60575 /hostapd
parent65d50f0ac63b6c7831cc0b04bbd476dd48b0991b (diff)
Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to IEEE 802.1X-2004 and the EAP state machine (RFC 4137). The retransmission scheduling and control is now in the EAP authenticator, and the calculateTimeout() procedure is used to determine the timeout for retransmission (either dynamic backoff or a value from the EAP method hint). The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not yet implemented since there is no round-trip time measurement available yet. This should make EAP authentication much more robust in environments where initial packets are lost for any reason. If the EAP method does not provide a hint on timeout, a default schedule of 3, 6, 12, 20, 20, 20, ... seconds will be used.
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/ChangeLog1
-rw-r--r--hostapd/eapol_sm.c9
-rw-r--r--hostapd/ieee802_1x.c43
3 files changed, 24 insertions, 29 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 2c863d1..09b34cd 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -19,6 +19,7 @@ ChangeLog for hostapd
* added support for using driver_test over UDP socket
* changed EAP-GPSK to use the IANA assigned EAP method type 51
* updated management frame protection to use IEEE 802.11w/D7.0
+ * fixed retransmission of EAP requests if no response is received
2008-11-23 - v0.6.6
* added a new configuration option, wpa_ptk_rekey, that can be used to
diff --git a/hostapd/eapol_sm.c b/hostapd/eapol_sm.c
index 826d71d..49a557a 100644
--- a/hostapd/eapol_sm.c
+++ b/hostapd/eapol_sm.c
@@ -174,6 +174,15 @@ static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
}
}
+ if (state->eap_if->retransWhile > 0) {
+ state->eap_if->retransWhile--;
+ if (state->eap_if->retransWhile == 0) {
+ wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR
+ " - (EAP) retransWhile --> 0",
+ MAC2STR(state->addr));
+ }
+ }
+
eapol_sm_step_run(state);
eloop_register_timeout(1, 0, eapol_port_timers_tick, eloop_ctx, state);
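Review bot: The new `retransWhile` block has no comment saying that the timer only counts whole ticks of this one-second callback, which the re-registration `eloop_register_timeout(1, 0, ...)` at the end of the hunk shows. A value set between two ticks is decremented at the next tick, so the effective retransmission delay can be up to one second shorter than the configured value. I would document that above the block, for example `/* EAP retransmission timer (RFC 4137 retransWhile); 1 s tick granularity, so expiry may come up to 1 s early */`. The timer's expiry is presumably acted on in `eapol_sm_step_run(state)` right after, but that is not visible here, and the body of `eapol_port_timers_tick` starts outside the hunk.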
diff --git a/hostapd/ieee802_1x.c b/hostapd/ieee802_1x.c
index d0d8e09..17c743f 100644
--- a/hostapd/ieee802_1x.c
+++ b/hostapd/ieee802_1x.c
@@ -105,19 +105,6 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
}
-static void ieee802_1x_eap_timeout(void *eloop_ctx, void *timeout_ctx)
-{
- struct sta_info *sta = eloop_ctx;
- struct eapol_state_machine *sm = sta->eapol_sm;
- if (sm == NULL)
- return;
- hostapd_logger(sm->hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
- HOSTAPD_LEVEL_DEBUG, "EAP timeout");
- sm->eap_if->eapTimeout = TRUE;
- eapol_auth_step(sm);
-}
-
-
static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
struct sta_info *sta,
int idx, int broadcast,
@@ -594,7 +581,6 @@ static void handle_eap_response(struct hostapd_data *hapd,
}
sm->eap_type_supp = type = data[0];
- eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL);
hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
HOSTAPD_LEVEL_DEBUG, "received EAP packet (code=%d "
@@ -940,8 +926,6 @@ void ieee802_1x_free_station(struct sta_info *sta)
{
struct eapol_state_machine *sm = sta->eapol_sm;
- eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL);
-
if (sm == NULL)
return;
@@ -1211,7 +1195,6 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
struct sta_info *sta;
u32 session_timeout = 0, termination_action, acct_interim_interval;
int session_timeout_set, old_vlanid = 0;
- int eap_timeout;
struct eapol_state_machine *sm;
int override_eapReq = 0;
@@ -1337,18 +1320,20 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
sm->eap_if->aaaEapReq = TRUE;
if (session_timeout_set) {
/* RFC 2869, Ch. 2.3.2; RFC 3580, Ch. 3.17 */
- eap_timeout = session_timeout;
- } else
- eap_timeout = 30;
- hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
- HOSTAPD_LEVEL_DEBUG,
- "using EAP timeout of %d seconds%s",
- eap_timeout,
- session_timeout_set ? " (from RADIUS)" : "");
- eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL);
- eloop_register_timeout(eap_timeout, 0, ieee802_1x_eap_timeout,
- sta, NULL);
- sm->eap_if->eapTimeout = FALSE;
+ sm->eap_if->aaaMethodTimeout = session_timeout;
+ hostapd_logger(hapd, sm->addr,
+ HOSTAPD_MODULE_IEEE8021X,
+ HOSTAPD_LEVEL_DEBUG,
+ "using EAP timeout of %d seconds (from "
+ "RADIUS)",
+ sm->eap_if->aaaMethodTimeout);
+ } else {
+ /*
+ * Use dynamic retransmission behavior per EAP
+ * specification.
+ */
+ sm->eap_if->aaaMethodTimeout = 0;
+ }
break;
}
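Review bot: The RADIUS-supplied `session_timeout` is copied into `sm->eap_if->aaaMethodTimeout` with no range check, so the AAA server (or anything able to influence its reply) fully controls the retransmission interval. `session_timeout` is declared `u32` but is logged with `%d`; the type of `aaaMethodTimeout` is not visible in this hunk, and if it is a signed int a large attribute value would turn negative. A very large value would also effectively disable retransmission for that station. I would clamp before assigning, e.g. `if (session_timeout > EAP_TIMEOUT_MAX) session_timeout = EAP_TIMEOUT_MAX;`, where `EAP_TIMEOUT_MAX` is a placeholder name for a limit the project would choose. A Session-Timeout of 0 from RADIUS yields the same value as the `else` branch, so the "(from RADIUS)" debug line can be logged while dynamic backoff is what actually applies. The body of `ieee802_1x_receive_auth` begins and ends outside this hunk.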