On Wed, Feb 24, 2016 at 12:53:45PM +0100, michael-dev@xxxxxxxxxxxxx wrote:
> eapol_sm_set_port_authorized is not called as eapol state machine
> is set directly to authorized. Thus accounting was not started.

Would you be able to share a hostapd debug log showing such cases (both FT and PMKSA caching)? I cannot reproduce this at least with the PMKSA caching case.

> diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c > @@ -1139,7 +1139,8 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta) > - /* TODO: get vlan_id from R0KH using RRB message */ > + ap_sta_bind_vlan(hapd, sta);

This looks like an independent change and should be in a separate commit. In any case, I could not apply that part before the open items in RRB message extensions have been resolved.

> @@ -1161,6 +1162,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta) > eap_sm_notify_cached(sta->eapol_sm->eap); > pmksa_cache_to_eapol_data(hapd, pmksa, sta->eapol_sm); > ap_sta_bind_vlan(hapd, sta); > + ieee802_1x_set_sta_authorized(hapd, sta, 1);

This does not look correct. ieee802_1x_new_station() is called before the 4-way handshake has completed. The port should not be marked authorized before that. And in any case, accounting session is already starting at that point without this patch, so I'm not sure why this change would be needed here.

The FT case may be more applicable since FT protocol does not include 4-way handshake. That said, maybe it would be better to replace the ap_sta_set_authorized() call in handle_assoc_cb() with ieee802_1x_set_sta_authorized() for this case to have a single place to take all the needed steps.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
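
Review bot: In the hunk at `@@ -1139,7 +1139,8 @@`, the TODO about getting vlan_id from the R0KH over RRB is deleted, yet the only line added is `ap_sta_bind_vlan(hapd, sta);` and nothing visible in the hunk obtains that vlan_id. Keep the comment until the RRB path actually supplies the value, and state in the commit message why binding the VLAN at this point in ieee802_1x_new_station() is correct, since the quoted message only describes accounting not being started.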
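
Review bot: In the hunk at `@@ -1161,6 +1162,7 @@`, the added `ieee802_1x_set_sta_authorized(hapd, sta, 1);` runs unconditionally right after `ap_sta_bind_vlan(hapd, sta);` on the path that applies the cached PMKSA entry, with no visible check that key establishment for the station has finished. Gate the call on the condition under which the port may be opened, or move it to the place where that condition is known, and add a comment saying why authorizing the station from ieee802_1x_new_station() is safe. The hard-coded `1` makes this path authorize the port every time it is reached, so the condition it relies on should be explicit in the code rather than implied.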