wpa_supplicant_set_suites() stores the key protocol in wpa_s->wpa_proto and we have to select the WPA version of the eapol frame based on that. Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx> --- I just tripped over the fact that the eapol version number is wrong in many captures when the frame has been sent by wpa_supplicant. A nice but old sample is even included in the wireshark test suite, accessible e.g. here: https://github.com/wireshark/wireshark/blob/master/test/captures/wpa-eap-tls.pcap.gz (One of my old captures, so I know it's also using hostapd/wpa_supplicant.) But when you look into the *.hwsim0 test files you quite often see something like here in ap_hs20_osen.hwsim0: RX EAPOL: 02:00:00:00:03:00 -> 02:00:00:00:05:00 ver=2 type=0 len=5 RX EAPOL: 02:00:00:00:05:00 -> 02:00:00:00:03:00 ver=1 type=0 len=21 RX EAPOL: 02:00:00:00:03:00 -> 02:00:00:00:05:00 ver=2 type=0 len=13 RX EAPOL: 02:00:00:00:05:00 -> 02:00:00:00:03:00 ver=1 type=0 len=203 RX EAPOL: 02:00:00:00:03:00 -> 02:00:00:00:05:00 ver=2 type=0 len=1410 RX EAPOL: 02:00:00:00:05:00 -> 02:00:00:00:03:00 ver=1 type=0 len=13 RX EAPOL: 02:00:00:00:03:00 -> 02:00:00:00:05:00 ver=2 type=0 len=115 RX EAPOL: 02:00:00:00:05:00 -> 02:00:00:00:03:00 ver=1 type=0 len=106 RX EAPOL: 02:00:00:00:03:00 -> 02:00:00:00:05:00 ver=2 type=0 len=64 RX EAPOL: 02:00:00:00:05:00 -> 02:00:00:00:03:00 ver=1 type=0 len=13 RX EAPOL: 02:00:00:00:03:00 -> 02:00:00:00:05:00 ver=2 type=0 len=4 RX EAPOL: 02:00:00:00:03:00 -> 02:00:00:00:05:00 ver=2 type=3 len=95 The AP is using using version 2 but wpa_supplicant sets the version to 1 for the reply. I think I found and fixed the issue. I have not yet made a full new test run, though. And there could of course be a better way to fix that... Alexander wpa_supplicant/preauth_test.c | 5 ++++- wpa_supplicant/wpas_glue.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c index b0cc977e8..a6dd22502 100644 --- a/wpa_supplicant/preauth_test.c +++ b/wpa_supplicant/preauth_test.c @@ -52,7 +52,10 @@ static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type, if (hdr == NULL) return NULL; - hdr->version = wpa_s->conf->eapol_version; + if (wpa_s->wpa_proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) + hdr->version = WPA_PROTO_RSN; + else + hdr->version = WPA_PROTO_WPA; hdr->type = type; hdr->length = htons(data_len); diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 0355c7588..5d60f80d6 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -69,7 +69,10 @@ static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type, if (hdr == NULL) return NULL; - hdr->version = wpa_s->conf->eapol_version; + if (wpa_s->wpa_proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) + hdr->version = WPA_PROTO_RSN; + else + hdr->version = WPA_PROTO_WPA; hdr->type = type; hdr->length = host_to_be16(data_len); -- 2.23.0 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
