Re: [PATCH 39/44] start radius accounting after FT and PREauth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 24, 2016 at 12:53:45PM +0100, michael-dev@xxxxxxxxxxxxx wrote:
> eapol_sm_set_port_authorized is not called as eapol state machine
> is set directly to authorized. Thus accounting was not started.

Would you be able to share a hostapd debug log showing such cases (both
FT and PMKSA caching)? I cannot reproduce this at least with the PMKSA
caching case.

> diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
> @@ -1139,7 +1139,8 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
> -		/* TODO: get vlan_id from R0KH using RRB message */
> +		ap_sta_bind_vlan(hapd, sta);

This looks independent change and should be in a separate commit. In any
case, I could not apply that part before the open items in RRB message
extensions have been resolved.

> @@ -1161,6 +1162,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
>  			eap_sm_notify_cached(sta->eapol_sm->eap);
>  		pmksa_cache_to_eapol_data(hapd, pmksa, sta->eapol_sm);
>  		ap_sta_bind_vlan(hapd, sta);
> +		ieee802_1x_set_sta_authorized(hapd, sta, 1);

This does not look correct. ieee802_1x_new_station() is called before
the 4-way handshake has completed. The port should not be marked
authorized before that. And in any case, accounting session is already
starting at that point without this patch, so I'm not sure why this
change would be needed here.

The FT case may be more applicable since FT protocol does not include
4-way handshake. That said, maybe it would be better to replace the
ap_sta_set_authorized() call in handle_assoc_cb() with
ieee802_1x_set_sta_authorized() for this case to have a single place to
take all the needed steps.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux