When using PEAP certification, the server may use Identity's Request message
as a heartbeat; there will be many clients on the Internet to send address
01: 80: C2: 00: 03 Identity's Response message as a heartbeat; at this time
When a client is broken and reconnect, it is easy to receive this message,
resulting in triggering restart of EAPOL authentication, resulting in a slow
authentication. So Ignore the response message in the Connecting state.
Signed-off-by: xinpeng wang <wangxinpeng@xxxxxxxxxxxxx>
---
src/eapol_supp/eapol_supp_sm.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 861eea2ae..f1288cea9 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1357,6 +1357,15 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
break;
}
}
+ {
+ const struct eap_hdr *ehdr =
+ (const struct eap_hdr *) (hdr + 1);
+ if (plen >= sizeof(*ehdr) && ehdr->code == EAP_CODE_RESPONSE &&
+ sm->SUPP_PAE_state == SUPP_PAE_CONNECTING) {
+ wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet response when connecting");
+ break;
+ }
+ }
if (sm->cached_pmk) {
/* Trying to use PMKSA caching, but Authenticator did
--
2.20.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
