On Mon, Apr 29, 2019 at 11:00:02AM +0200, Zefir Kurtisi wrote: > We use the wired driver for wired port authentication with a slight extension > to add the port into a bridge upon successful authentication and to remove it > from the bridge when the session terminates. > > Our expectation was that the Session-Timeout configuration at the RADIUS server > is respected, i.e. the session is terminated and would need re-authentication - > like it is working for WLAN sessions over the nl80211 driver. Alas it turned out > the session is not terminated with the wired driver. > > Turned out when ap_handle_session_timer() is executed, the sta->flags of the > wired port has only the WLAN_STA_AUTHORIZED bit set. The WLAN_STA_AUTH bit, > which is used to check whether the STA needs to be de-authenticated, is missing. > > Not sure if this is an issue with the wired driver (i.e. WLAN_STA_AUTHORIZED > can't exist without WLAN_STA_AUTH), or the Session-Timeout feature was not > considered for wired so far. > > With extending the check for any of the WLAN_STA_(AUTH | ASSOC | AUTHORIZED) > bits our issue is resolved, but we are not aware whether this is a valid > workaround without potential side-effects. Thanks, applied. This looks like a safe thing to do and I don't see it causing any issues for the WLAN cases. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
